fees calculations are not accurate #73
Labels
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
sponsor acknowledged
Technically the issue is correct, but we're not going to resolve it for XYZ reasons
Comments
code423n4
added
2 (Med Risk)
loki-sama
added
the
sponsor disputed
|
This is mitigated by the feeBeneficiary diluting his own shares if he gets fees on his fees. |
|
I'm not exactly sure if I understand what the warden is stating here. Could you confirm @loki-sama ? |
|
Ok, I myself misunderstood. He is correct that we don't get the full value. When we take a fee of 10% like from his example. What we do is mint 10% of the basket to ourselves. That 10% after minting is not holding 10% of the underling. |
loki-sama
added
sponsor acknowledged
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Handle
certora
Vulnerability details
after that fee is calculated, it is minted to the feeBeneficiary.
simply minting the exact amount results lower fee than it should be.
Impact
feeBeneficiary will get less fees than it should.
Proof of Concept
let's assume that the basket assets are worth 1M dollars, and totalSupply = 1M.
the result of
calcOutStandingAnnualizedFeeis 100,00 so the feeBeneficiary should get 100,00 dollars.however, when minting 100,00 the totalSupply will increase to 1,100,000 so they will own 100000/1100000* (1M dollars) = 90909.09 dollars instead of 100k
The text was updated successfully, but these errors were encountered: