#41526 [SC-Medium] MoneyBrinter::compound can be vulnerable to sandwich attacks
Submitted on Mar 16th 2025 at 08:53:45 UTC by @coffiasd for
Report ID: #41526
Report Type: Smart Contract
Report severity: Medium
Target: https://github.com/immunefi-team/audit-comp-yeet/blob/main/src/contracts/MoneyBrinter.sol
Impacts:
Theft of unclaimed yield
The MoneyBrinter::compound function first swaps multiple tokens for token0 and token1. Instead of depositing these tokens into an ERC4626 vault to mint shares, it deposits them into the BeradromeFarmPlugin to add additional underlying assets. This process can be vulnerable to sandwich attacks.
From the above code we can see that vaultSharesMinted is zero: this function does not mint any ERC4626 shares; it uses _depositIntoFarm to deposit the underlying assets (kodiakVaultTokensMinted) into beradromeFarmPlugin.
This function can therefore let ERC4626 share holders withdraw more underlying assets per share. compound can be vulnerable to sandwich attacks, resulting in the attacker taking the profit.
https://github.com/immunefi-team/audit-comp-yeet/blob/main/src/contracts/MoneyBrinter.sol?utm_source=immunefi#L199-L227
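The following is an added model of the share accounting described above; it is not code from the report or from the audit-comp-yeet repository. It uses a constructed constant-product pool standing in for the DEX the compound() swap goes through, an illustrative FarmVault whose compound() adds swap proceeds to the farm position without minting shares, and a hypothetical min_out slippage bound (not present in the target contract) to show what the guard changes: an undisturbed pool returns the fair amount and raises the share price; a pool whose price was moved earlier in the same block returns far less if the swap is unguarded, while the guarded version rejects the bad rate.

```python
from dataclasses import dataclass
from fractions import Fraction


@dataclass
class Pool:
    """Constructed constant-product AMM (x*y=k, no fee) used as the swap venue.
    Reserves are Fractions so every result below is exact."""
    reserve_in: Fraction
    reserve_out: Fraction

    def quote(self, amount_in: Fraction) -> Fraction:
        k = self.reserve_in * self.reserve_out
        return self.reserve_out - k / (self.reserve_in + amount_in)

    def swap(self, amount_in: Fraction) -> Fraction:
        out = self.quote(amount_in)
        self.reserve_in += amount_in
        self.reserve_out -= out
        return out


@dataclass
class FarmVault:
    """Illustrative ERC4626-style vault: compound() grows total_assets (the
    farm position) but never mints shares, as the report describes."""
    total_assets: Fraction
    total_shares: Fraction

    def share_price(self) -> Fraction:
        return self.total_assets / self.total_shares

    def compound(self, reward_in: Fraction, pool: Pool,
                 min_out: Fraction = Fraction(0)) -> Fraction:
        """Swap harvested rewards for the vault asset and add them to the farm.
        min_out is the hypothetical slippage bound added by this example; at the
        default of 0 the swap accepts whatever the pool returns."""
        out = pool.swap(reward_in)
        if out < min_out:
            raise ValueError("compound: swap output below minimum")
        self.total_assets += out  # assets rise, share count does not
        return out


def fresh_pool() -> Pool:
    return Pool(Fraction(1000), Fraction(1000))


def run_scenarios() -> dict:
    reward = Fraction(10)
    # Reference quote from an undisturbed pool; a real guard would take this
    # from a TWAP/oracle rather than the spot pool itself.
    fair_quote = fresh_pool().quote(reward)          # 1000/101
    min_out = fair_quote * Fraction(99, 100)         # allow 1% slippage

    # 1. Undisturbed pool, guarded compound: fair proceeds, share price rises.
    vault = FarmVault(Fraction(10_000), Fraction(10_000))
    price_before = vault.share_price()
    fair_out = vault.compound(reward, fresh_pool(), min_out)

    # 2. Pool whose price was moved by a large trade earlier in the same block
    #    (constructed: 200 units already pushed into reserve_in), unguarded.
    skewed = fresh_pool()
    skewed.swap(Fraction(200))
    vault2 = FarmVault(Fraction(10_000), Fraction(10_000))
    skewed_out = vault2.compound(reward, skewed)      # accepts 2500/363

    # 3. Same skewed pool, guarded compound: reverts instead of taking the rate.
    skewed2 = fresh_pool()
    skewed2.swap(Fraction(200))
    vault3 = FarmVault(Fraction(10_000), Fraction(10_000))
    try:
        vault3.compound(reward, skewed2, min_out)
        guarded_reverted = False
    except ValueError:
        guarded_reverted = True

    return {
        "fair_out": fair_out,
        "skewed_out": skewed_out,
        "price_before": price_before,
        "price_after_fair": vault.share_price(),
        "guarded_reverted": guarded_reverted,
        "guarded_assets_untouched": vault3.total_assets == Fraction(10_000),
    }


if __name__ == "__main__":
    for k, v in run_scenarios().items():
        print(f"{k}: {v}")
```

The first scenario is the mechanism the report points at: because no shares are minted, every compounded unit raises the redeemable value of existing shares. The second and third scenarios isolate the swap leg: without a bound, compound() books whatever the manipulated pool returns; with a bound derived from a reference price, the transaction reverts and the vault's assets are unchanged.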
Test:
Please note that depositFor() works the same way as the compound() function.
Out: