claimYieldFeeShares
reset the yieldFeeBalance
#207
Labels
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
duplicate-59
🤖_10_group
AI based duplicate group recommendation
satisfactory
satisfies C4 submission criteria; eligible for awards
sufficient quality report
This report is of sufficient quality
upgraded by judge
Original issue severity upgraded from QA/Gas by judge
Lines of code
https://github.com/code-423n4/2024-03-pooltogether/blob/480d58b9e8611c13587f28811864aea138a0021a/pt-v5-vault/src/PrizeVault.sol#L617
Vulnerability details
Impact
After the
yieldFeeRecipient
invokes part of the yield fee, all yield fee will be reset, and theyieldFeeRecipient
cannot obtain the remaining fee, resulting in the loss of user funds.Proof of Concept
Let's look at this function,
yieldFeeBalance
should subtract_shares
instead of_yieldFeeBalance
:Tools Used
vscode, manual
Recommended Mitigation Steps
Assessed type
Error
The text was updated successfully, but these errors were encountered: