YieldNest - Rate provider for ynBNBx is missing ynClisBNBk strategy - Smart Contract Audits

The processAccounting function will revert on every invocation within the ynBNBx context

Vulnerability Details

The Provider contract, responsible for retrieving rates for all assets held by the vault, currently does not include the ynClisBNBk strategy. As a result, when the processAccounting function attempts to update the totalAssets variable, it fails and reverts with each call.

if (asset == MC.BUFFER || asset == MC.YNBNBk) {
    return IERC4626(asset).previewRedeem(1e18);
}

Impact

MEDIUM – The processAccounting function will revert on every invocation within the ynBNBx context.

Recommendation

Incorporate the ynClisBNBk strategy into the list of assets supported by the Provider contract on the BNB Chain.

References

Case Study – YieldNest – Security Review of Max Vaults and integration with Kernel
Report – YieldNest – Security Review of Max Vaults and integration with Kernel

Meet Composable Security

Get throughly tested by the creators of Smart Contract Security Verification Standard

Learn more

YieldNest – Rate provider for ynBNBx is missing ynClisBNBk strategy

Vulnerability Details

Impact

Recommendation

References

Similar posts

Lido – Node Operator can exit and slash their validator to move withdrawal finalization border epoch

Lido – Uncaught exception on creating ejection report

Lido – Security Review of Oracle V5 update

Security Guide

Othentic – Invalid EigenLayer reward submission

Othentic – Uncleared claims

Join the newsletter now

Thank you for sign up!