← All Posts | findings | December 31, 2024

YieldNest – Invalid rate for vaults

Paweł Kuryłowicz

Managing Partner & Smart Contract Security Auditor

The valuation of vault tokens is inaccurately represented, leading to a decreased
value of the assets held within the MaxVault.

Vulnerability Details

The rate providers for MaxVaults (ynBNBx and ynETHx) have the previewRedeem function to determine the rate for a single strategy token. However, this function includes the withdrawal fee, which results in an incorrect valuation that is lower than the actual value of one token.

Impact

MEDIUM – The valuation of vault tokens is inaccurately represented, leading to a decreased value of the assets held within the MaxVault.

Recommendation

To ensure accurate rate evaluation, utilize the convertToAssets function instead.

References

Meet Composable Security

Get throughly tested by the creators of Smart Contract Security Verification Standard

Learn more

YieldNest – Invalid rate for vaults

Vulnerability Details

Impact

Recommendation

References

Similar posts

Lido – Node Operator can exit and slash their validator to move withdrawal finalization border epoch

Lido – Uncaught exception on creating ejection report

Lido – Security Review of Oracle V5 update

Security Guide

Othentic – Invalid EigenLayer reward submission

Othentic – Uncleared claims

Join the newsletter now

Thank you for sign up!