YearnV2YieldSource._withdrawFromVault uses a wrong subtraction.
When withdrawing from the vault one redeems yTokens for tokens, thus the token balance of the contract should increase after withdrawal.
But the contract subtracts the currentBalance from the previousBalance:
uint256 yShares = _tokenToYShares(amount);
uint256 previousBalance = token.balanceOf(address(this));
// we accept losses to avoid being locked in the Vault (if losses happened for some reason)
if (maxLosses != 0) {
    vault.withdraw(yShares, address(this), maxLosses);
} else {
    vault.withdraw(yShares);
}
uint256 currentBalance = token.balanceOf(address(this));
// @audit-issue this seems wrong
return previousBalance.sub(currentBalance);
Impact
All vault withdrawals fail due to the integer underflow as the previousBalance is less than currentBalance. Users won't be able to get back their investment.
Recommended Mitigation Steps
It should return currentBalance > previousBalance ? currentBalance - previousBalance : 0
Handle: cmichel
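The revert described under Impact and the recommended return value, as an added Python model (not code from the report or from the project). It assumes `.sub` is a checked SafeMath-style subtraction and uses a constructed vault that pays 1 token per share minus an optional loss; `YieldSourceModel`, `try_withdraw` and `loss_bps` are hypothetical names.

```python
# Added model, not the contract's code. Assumes `.sub` is a checked
# (SafeMath-style) subtraction and that a revert rolls back state.

class Revert(Exception):
    """Models an EVM revert."""

def safe_sub(a, b):
    # Checked uint256 subtraction: revert instead of wrapping below zero.
    if b > a:
        raise Revert("subtraction underflow")
    return a - b

class YieldSourceModel:
    """Hypothetical stand-in for the yield source plus a constructed vault."""

    def __init__(self, idle_tokens, loss_bps=0):
        self.token_balance = idle_tokens  # token.balanceOf(address(this))
        self.loss_bps = loss_bps          # constructed vault loss, basis points

    def _vault_withdraw(self, y_shares):
        # Constructed vault: 1 share redeems 1 token, minus any realised loss.
        self.token_balance += y_shares * (10_000 - self.loss_bps) // 10_000

    def withdraw_buggy(self, amount):
        previous = self.token_balance
        self._vault_withdraw(amount)
        current = self.token_balance
        return safe_sub(previous, current)  # operand order from the report

    def withdraw_fixed(self, amount):
        previous = self.token_balance
        self._vault_withdraw(amount)
        current = self.token_balance
        # Recommended mitigation: tokens actually received, floored at 0.
        return current - previous if current > previous else 0

def try_withdraw(source, method, amount):
    """Run one withdrawal as a transaction; return None if it reverted."""
    snapshot = source.token_balance
    try:
        return getattr(source, method)(amount)
    except Revert:
        source.token_balance = snapshot  # revert undoes the vault payout
        return None

if __name__ == "__main__":
    src = YieldSourceModel(idle_tokens=50)
    print(try_withdraw(src, "withdraw_buggy", 100))
    print(try_withdraw(src, "withdraw_fixed", 100))
```

With a 1% constructed loss (`loss_bps=100`), the fixed path reports the tokens actually received rather than the amount requested.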