search
Active Boosts

#41635 [SC-Low] MoneyBrinter contract is EIP-4626 incompliant

Submitted on Mar 17th 2025 at 07:04:00 UTC by @trtrth for Audit Comp | Yeetarrow-up-right

  • Report ID: #41635

  • Report Type: Smart Contract

  • Report severity: Low

  • Target: https://github.com/immunefi-team/audit-comp-yeet/blob/main/src/contracts/MoneyBrinter.sol

  • Impacts:

hashtag
Description

hashtag
Brief/Intro

The contract MoneyBrinter inherits OZ's ERC4626 contract. However, by customizing some functions, the contract becomes EIP-4626 incompliant

hashtag
Vulnerability Details

According to EIP-4626 specifications about function maxWithdraw()

Maximum amount of the underlying asset that can be withdrawn from the owner balance in the Vault, through a withdraw call.

MUST return the maximum amount of assets that could be transferred from owner through withdraw and not cause a revert, which MUST NOT be higher than the actual maximum that would be accepted (it should underestimate if necessary).

MUST factor in both global and user-specific limits, like if withdrawals are entirely disabled (even temporarily) it MUST return 0.

MUST NOT revert.

However, the function MoneyBrinter#maxWithdraw() does not take exit fee into account, which can return values that is unable to be withdrawn.

hashtag
Impact Details

ERC-4626 incompliance: The value returned from maxWithdraw() can not be used to withdraw

hashtag
References

https://eips.ethereum.org/EIPS/eip-4626#maxwithdraw.

hashtag
Proof of Concept

hashtag
Proof of Concept

  1. Modify the test testWithdrawSuccessWithFee at file test/vault/VaultWithdrawTest.t.sol as below:

  1. Run the test and console shows

It means that the contract MoneyBrinter is trying to burn more amount than the user's balance

Previous#41633 [SC-High] Users might lose some of the rewards they’re supposed to get.Next#41639 [SC-Insight] Cross-Vault Reward Arbitrage in StakeV2 Allows Yield Theft

Was this helpful?