function claimYieldFeeShares subtracts wrongly #79
Labels
3 (High Risk): Assets can be stolen/lost/compromised directly
bug: Something isn't working
duplicate-59
🤖_10_group: AI based duplicate group recommendation
satisfactory: satisfies C4 submission criteria; eligible for awards
sufficient quality report: This report is of sufficient quality
upgraded by judge: Original issue severity upgraded from QA/Gas by judge
Lines of code
https://github.com/code-423n4/2024-03-pooltogether/blob/main/pt-v5-vault/src/PrizeVault.sol#L611
Vulnerability details
Impact
The function claimYieldFeeShares subtracts the whole yieldFeeBalance instead of the shares that the YieldFeeRecipient provides.
Proof of Concept
The function takes as a parameter shares, the amount that will be minted to the YieldFeeRecipient. The problem is that no matter what shares value the user provides, the whole yieldFeeBalance is set to 0 instead of having shares subtracted from it.
Tools Used
Foundry
Recommended Mitigation Steps
Change PrizeVault:L617 to yieldFeeBalance -= _shares;
Assessed type
Math
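The accounting error described above, shown next to the recommended fix. This is an added example, not the PrizeVault source: the contract, the sharesOf mapping, accrueFee, _check and the error names are hypothetical stand-ins, and share minting is reduced to a balance mapping.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Simplified model of the fee accounting in this report (illustrative only).
contract YieldFeeModel {
    address public immutable yieldFeeRecipient;
    uint256 public yieldFeeBalance;               // fee shares accrued, not yet claimed
    mapping(address => uint256) public sharesOf;  // stand-in for minted vault shares

    error NotRecipient();
    error ZeroShares();
    error SharesExceedBalance(uint256 shares, uint256 balance);

    constructor(address recipient) {
        yieldFeeRecipient = recipient;
    }

    // Hypothetical helper: credits fees the way yield accrual would.
    function accrueFee(uint256 amount) external {
        yieldFeeBalance += amount;
    }

    // Reported behaviour: the whole balance is cleared whatever _shares is,
    // so a partial claim makes the rest of the accrued fee unclaimable.
    function claimVulnerable(uint256 _shares) external {
        uint256 balance = _check(_shares);
        yieldFeeBalance -= balance;
        sharesOf[msg.sender] += _shares;
    }

    // Recommended mitigation: subtract only the shares actually claimed.
    function claimFixed(uint256 _shares) external {
        _check(_shares);
        yieldFeeBalance -= _shares;
        sharesOf[msg.sender] += _shares;
    }

    // Shared guards: caller must be the recipient, claim must be non-zero
    // and no larger than the accrued balance.
    function _check(uint256 _shares) private view returns (uint256 balance) {
        if (msg.sender != yieldFeeRecipient) revert NotRecipient();
        if (_shares == 0) revert ZeroShares();
        balance = yieldFeeBalance;
        if (_shares > balance) revert SharesExceedBalance(_shares, balance);
    }
}
```

A regression test for the fix can assert that, after any successful claim, yieldFeeBalance decreased by exactly _shares.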