Yield Fee Shares could be lost while claiming claimYieldFeeShares #342
Labels
3 (High Risk): Assets can be stolen/lost/compromised directly
bug: Something isn't working
duplicate-59
🤖_10_group: AI based duplicate group recommendation
satisfactory: satisfies C4 submission criteria; eligible for awards
sufficient quality report: This report is of sufficient quality
Lines of code
https://github.com/code-423n4/2024-03-pooltogether/blob/main/pt-v5-vault/src/PrizeVault.sol#L611
https://github.com/code-423n4/2024-03-pooltogether/blob/main/pt-v5-vault/src/PrizeVault.sol#L617
Vulnerability details
Impact
Whenever the onlyYieldFeeRecipient calls claimYieldFeeShares(uint256 _shares), if _shares is less than the total shares accrued from the yield fee balance, the remaining yieldFeeBalance is lost and can never be claimed back.
claimYieldFeeShares() does not check how many shares the claimer wants to claim so that yieldFeeBalance is reduced accordingly. Instead, the whole yieldFeeBalance is subtracted regardless of how many shares the claimer wants to claim.
Proof of Concept
claimYieldFeeShares(uint256 _shares) by passing it only half of the total yield fee shares.
becoming zero without checking that Bob is trying to claim total or partial amount of shares.
Tools Used
Manual Review
Recommended Mitigation Steps
claimYieldFeeShares() should check how many shares the claimer wants to claim rather than subtracting the whole yieldFeeBalance.
Assessed type
Other
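The accounting described in this report, as an added example: a simplified model contract that is not the PrizeVault source, with the reported behaviour next to the recommended mitigation. Only yieldFeeBalance, claimYieldFeeShares and onlyYieldFeeRecipient come from the report; the contract name, the accrueYieldFee helper, the sharesOf mapping, the errors and the bounds checks are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.24;

/// Simplified model of the yield fee accounting in this report (added example,
/// not the project's code). Hypothetical names are marked below.
contract YieldFeeModel {
    address public immutable yieldFeeRecipient;
    uint256 public yieldFeeBalance;               // fee shares accrued, not yet claimed
    mapping(address => uint256) public sharesOf;  // hypothetical stand-in for the share token

    error NotYieldFeeRecipient();                                        // hypothetical
    error ZeroShares();                                                  // hypothetical
    error SharesExceedYieldFeeBalance(uint256 shares, uint256 balance);  // hypothetical

    constructor(address recipient) {
        yieldFeeRecipient = recipient;
    }

    modifier onlyYieldFeeRecipient() {
        if (msg.sender != yieldFeeRecipient) revert NotYieldFeeRecipient();
        _;
    }

    /// Hypothetical helper: stands in for fee accrual so the model can be exercised.
    function accrueYieldFee(uint256 shares) external {
        yieldFeeBalance += shares;
    }

    /// Reported behaviour: any claim subtracts the whole balance.
    /// With 100 accrued and _shares = 50, 50 are minted and the other 50 are lost.
    function claimYieldFeeSharesAsReported(uint256 _shares) external onlyYieldFeeRecipient {
        _checkClaim(_shares);
        uint256 whole = yieldFeeBalance;
        yieldFeeBalance -= whole;          // balance becomes 0 regardless of _shares
        sharesOf[msg.sender] += _shares;
    }

    /// Recommended mitigation: subtract only what is being claimed.
    /// With 100 accrued and _shares = 50, 50 remain claimable afterwards.
    function claimYieldFeeSharesFixed(uint256 _shares) external onlyYieldFeeRecipient {
        _checkClaim(_shares);
        yieldFeeBalance -= _shares;
        sharesOf[msg.sender] += _shares;
    }

    /// Assumed input checks: reject zero claims and claims above the accrued balance.
    function _checkClaim(uint256 _shares) private view {
        if (_shares == 0) revert ZeroShares();
        if (_shares > yieldFeeBalance) revert SharesExceedYieldFeeBalance(_shares, yieldFeeBalance);
    }
}
```

A regression test for the fix can assert that, after a partial claim, yieldFeeBalance equals the accrued amount minus _shares and that a second claim for the remainder succeeds.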