Incorrect handling of yieldFeeBalance in PrizeVault.sol#claimYieldFeeBalance()
function. Because yieldFeeBalance
was processed incorrectly in the PrizeVault.sol#claimYieldFeeBalance()
function, the recipient
of the yieldFee
suffers a loss.
#269
Labels
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
duplicate-59
🤖_10_group
AI based duplicate group recommendation
satisfactory
satisfies C4 submission criteria; eligible for awards
sufficient quality report
This report is of sufficient quality
Lines of code
https://github.com/code-423n4/2024-03-pooltogether/blob/main/pt-v5-vault/src/PrizeVault.sol#L611-L622
Vulnerability details
Impact
The
recipient
of theyieldfee
might suffer a loss of the yield fee.Proof of Concept
The
PrizeVault.sol#claimYieldFeeBalance()
function is as follows.As observed in the code snippet on the right, in
L617
,yieldFeeBalance
is initialized to 0 irrespective of the amount of shares to be minted to the yield fee recipient.Therefore, the recipient of the yield fee loses the fee when
_shares < _yieldFeeBalance
.Tools Used
Manual Review
Recommended Mitigation Steps
Modify the
PrizeVault.sol/claimYieldFeeBalance()
function as follows.Assessed type
Other
The text was updated successfully, but these errors were encountered: