YieldNest – Invalid amounts of asset returned by strategies

This issue prevents the successful withdrawal of assets based on the values returned by the ERC4626 functions and their equivalent versions for different assets.

Vulnerability Details

The KernelStrategy implementations allow for the withdrawal of all supported assets, as opposed to Max Vaults that can only withdraw the base asset. These strategies are designed to comply with ERC4626 by implementing its functions (such as maxWithdraw, maxRedeem, previewWithdraw, and previewRedeem).

In addition, they also incorporate similar functions that handle assets beyond just the base asset, namely maxWithdrawAsset, previewWithdrawAsset, and previewRedeemAsset.

A key issue with these functions is their assumption that all shares in the strategy were minted for a single asset. For instance, when the maxWithdraw function is invoked, the contract presumes that all shares correspond to the base asset, potentially resulting in an inflated withdrawal amount as it neglects to consider that the amount needs to be apportioned among multiple assets.

Vulnerable scenario

The following sequence of actions may lead to the identified problem:

1. An allocator wishes to withdraw BNBX from ynBNBk.
2. The allocator calls the maxWithdrawAsset function for BNBX.
3. The strategy calculates the total value of all shares in terms of BNBX.
4. The allocator then invokes the withdrawAsset function using the amount provided.
5. The protocol computes the BNBX amount through the previewWithdrawAsset function.
6. The protocol checks the available balance of BNBX. If the balance is less than the requested amount, it proceeds to unstack BNBX from Kernel.
7. Since some shares were minted with the SLISBNBtoken as a deposit, there may not be sufficient BNBX available for withdrawal from Kernel, resulting in a transaction revert.