The _forceRepay and _doLiquidation functions in AlchemistV3 fail to decrement _mytSharesDeposited after MYT tokens are repaid or liquidated. This results in the system accounting showing higher than actual deposited MYT shares, leading to an inflated perception of collateral coverage. Consequently, redeemers or liquidators may receive more principal than they are entitled to, effectively causing principal overpayment and system-level accounting imbalance.
Vulnerability Details
The AlchemistV3 contract tracks MYT deposits using an internal accounting variable _mytSharesDeposited, which represents the total MYT shares deposited into the system. When MYT tokens are withdrawn, repaid, or liquidated, the corresponding amount should be decremented from _mytSharesDeposited to maintain consistent accounting.
However, in both _forceRepay() and _doLiquidation() functions, the logic handles MYT transfers and balance updates but does not update _mytSharesDeposited, as seen below:
if(creditToYield >0){// Transfer the repaid tokens from the account to the transmuter. TokenUtils.safeTransfer(myt,address(transmuter), creditToYield);}
This omission causes _mytSharesDeposited to remain unchanged even though MYT tokens are effectively moved out of the strategy’s control during a repayment or liquidation. As a result, the system incorrectly believes more MYT is still backing outstanding liabilities than actually exists.
In scenarios involving redemptions or liquidations, this inflated value of _mytSharesDeposited can cause miscalculations in yield accounting and redemption share ratios — allowing redeemers to receive more principal value than intended.
Proper accounting requires decrementing _mytSharesDeposited whenever MYT is transferred out from the protocol’s collateral reserves:
Impact Details
Failure to decrement _mytSharesDeposited leads to collateral accounting inflation, resulting in:
Principal overpayment risk: Redeemers or liquidators may receive a higher principal value due to overstated share accounting.
Inaccurate system metrics: The protocol will report a higher-than-actual deposited MYT balance, distorting health factor and solvency calculations.
Long-term drift in system invariants: Repeated repayments and liquidations will compound the error, creating persistent imbalances between real collateral and tracked deposits.
Potential protocol losses: Over-redemption or excessive liquidation payouts can result in a net loss of protocol-held assets or depletion of reserves.
Mitigation
To ensure correct collateral and share accounting, the contract should decrement _mytSharesDeposited whenever MYT tokens are transferred out of the system through repayment or liquidation. This ensures that the internal state remains consistent with the actual MYT balance held by the protocol.
Update both _forceRepay() and _doLiquidation() as follows:
