YieldNest - Rate provider for ynBNBx is missing ynClisBNBk strategy - Smart Contract Audits

The processAccounting function will revert on every invocation within the ynBNBx context

Vulnerability Details

The Provider contract, responsible for retrieving rates for all assets held by the vault, currently does not include the ynClisBNBk strategy. As a result, when the processAccounting function attempts to update the totalAssets variable, it fails and reverts with each call.

if (asset == MC.BUFFER || asset == MC.YNBNBk) {
    return IERC4626(asset).previewRedeem(1e18);
}

Impact

MEDIUM – The processAccounting function will revert on every invocation within the ynBNBx context.

Recommendation

Incorporate the ynClisBNBk strategy into the list of assets supported by the Provider contract on the BNB Chain.

References

Case Study – YieldNest – Security Review of Max Vaults and integration with Kernel
Report – YieldNest – Security Review of Max Vaults and integration with Kernel

Meet Composable Security

Get throughly tested by the creators of Smart Contract Security Verification Standard

Learn more

YieldNest – Rate provider for ynBNBx is missing ynClisBNBk strategy

Vulnerability Details

Impact

Recommendation

References

Similar posts

Neverland – Back-running reward notification

SEAL Certification Goes Live: Composable Security in the First Accreditation Cohort

Bypassing Cursor’s Command Allowlist with GTFOBins-Style Execution

How to Minimize the Risk of Prompt Injection?

Smart Security Practices From The Best

Lido – Node Operator can exit and slash their validator to move withdrawal finalization border epoch

Join the newsletter now

Thank you for sign up!