PublicVault.processEpoch updates YIntercept incorrectly when totalAssets() <= expected #124
Labels
2 (Med Risk): Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug: Something isn't working
downgraded by judge: Judge downgraded the risk level of this issue
M-29
satisfactory: satisfies C4 submission criteria; eligible for awards
selected for report: This submission will be included/highlighted in the audit report
Lines of code
https://github.com/code-423n4/2023-01-astaria/blob/main/src/PublicVault.sol#L275-L337
Vulnerability details
Impact
PublicVault.processEpoch updates YIntercept incorrectly when totalAssets() <= expected.
Proof of Concept
When `processEpoch` is called, it calculates the amount of `withdrawReserve` that will be sent to the withdraw proxy. Later it updates the `yIntercept` variable.
https://github.com/code-423n4/2023-01-astaria/blob/main/src/PublicVault.sol#L275-L337
The part that we need to investigate is this.
If `totalAssets() > expected`, then `withdrawReserve` is `totalAssets() - expected` multiplied by `liquidationWithdrawRatio`. That means that the `withdrawReserve` amount will be sent from the public vault to the withdraw proxy, so total assets should decrease by this amount. In this case the call of `_setYIntercept` below is correct.
However, when `totalAssets() <= expected`, `withdrawReserve` is set to 0, which means that nothing will be sent to the withdraw proxy. But `_setYIntercept` is still called in this case and total assets are decreased, although they should not be.
Tools Used
VsCode
Recommended Mitigation Steps
When `totalAssets() <= expected`, do not call `_setYIntercept`.
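
A small Python model of the accounting described in the Proof of Concept and the recommended mitigation, added here as an illustration (it is not the Astaria contract code or the submitter's PoC). It assumes a zero slope so that `totalAssets()` equals `yIntercept`, and assumes the `yIntercept` decrement is `totalAssets()` times `liquidationWithdrawRatio`, an expression this page does not show; `process_epoch`, `phantom_losses` and the sample values are constructed.

```python
WAD = 10**18  # 18-decimal fixed point used for ratios


def mul_wad_down(a: int, b: int) -> int:
    """Fixed-point multiply, rounding down."""
    return a * b // WAD


def process_epoch(y_intercept: int, expected: int, ratio: int, mitigated: bool):
    """Model of the reserve / yIntercept step. Returns (withdraw_reserve, new_y_intercept).

    Assumptions (not from the page): slope is 0, so totalAssets() == yIntercept,
    and the yIntercept decrement is totalAssets() * liquidationWithdrawRatio.
    """
    total_assets = y_intercept
    if total_assets > expected:
        withdraw_reserve = mul_wad_down(total_assets - expected, ratio)
    else:
        withdraw_reserve = 0  # nothing will be sent to the withdraw proxy
        if mitigated:
            return withdraw_reserve, y_intercept  # recommended fix: skip the update
    return withdraw_reserve, y_intercept - mul_wad_down(total_assets, ratio)


def phantom_losses(y_intercept: int, ratio: int, expected_values, mitigated: bool):
    """Return the `expected` values for which total assets drop although
    withdrawReserve is 0, i.e. value is written off without any transfer."""
    hits = []
    for expected in expected_values:
        reserve, new_y = process_epoch(y_intercept, expected, ratio, mitigated)
        if reserve == 0 and new_y < y_intercept:
            hits.append(expected)
    return hits


# Constructed sample: 100 tokens of total assets, 25% liquidationWithdrawRatio.
Y0, RATIO = 100 * WAD, WAD // 4
GRID = [0, 50 * WAD, 100 * WAD, 150 * WAD]

if __name__ == "__main__":
    for fixed in (False, True):
        print("mitigated" if fixed else "as reported", phantom_losses(Y0, RATIO, GRID, fixed))
```

The mitigated path only changes the `totalAssets() <= expected` branch, so results for the `>` branch are identical in both modes.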