The contract MoneyBrinter inherits OZ's ERC4626 contract. However, by customizing some functions, the contract becomes EIP-4626 incompliant
Vulnerability Details
According to EIP-4626 specifications about function maxWithdraw()
Maximum amount of the underlying asset that can be withdrawn from the owner balance in the Vault, through a withdraw call.
MUST return the maximum amount of assets that could be transferred from owner through withdraw and not cause a revert, which MUST NOT be higher than the actual maximum that would be accepted (it should underestimate if necessary).
MUST factor in both global and user-specific limits, like if withdrawals are entirely disabled (even temporarily) it MUST return 0.
MUST NOT revert.
However, the function MoneyBrinter#maxWithdraw() does not take exit fee into account, which can return values that is unable to be withdrawn.
Impact Details
ERC-4626 incompliance: The value returned from maxWithdraw() can not be used to withdraw