#41788 [SC-Medium] Yield theft because of compound function design
Submitted on Mar 18th 2025 at 12:28:09 UTC by @Minnow80539 for
Report ID: #41788
Report Type: Smart Contract
Report severity: Medium
Target: https://github.com/immunefi-team/audit-comp-yeet/blob/main/src/contracts/MoneyBrinter.sol
Impacts:
Theft of unclaimed yield
The MoneyBrinter vault lacks time-weighted reward distribution mechanics, allowing users to deposit into the vault immediately before reward harvesting to capture a disproportionate share of accumulated rewards without contributing to their generation. This vulnerability enables free-riding on yield generated by long-term stakers, potentially draining significant value from committed users and undermining the vault's economic incentives for long-term participation.
The MoneyBrinter vault, which extends ERC4626, implements custom reward compounding logic that fails to consider staking duration when distributing rewards. The issue stems from how rewards are compounded and distributed.
When previously harvested rewards are compounded by a strategy manager, the contract swaps reward tokens for LP tokens and deposits these LP tokens back into Beradrome Farm, which increases totalAssets() without minting new shares. The value of existing shares increases proportionally for all holders.
Critically, this value increase is distributed solely based on current shareholding at the time of compounding, with no consideration for how long users have been staked. This means a user who deposits just before compounding will receive the same proportional benefit as long-term stakers who actually generated those rewards over time. While the compound() function is restricted to strategy managers, these transactions can be observed on-chain or predicted if they follow regular patterns, allowing opportunistic users to front-run them with well-timed deposits.
The bigger the "last minute deposit", the bigger the share of yield that will be stolen. These compounding transactions are easy to front-run for a sophisticated actor monitoring the mempool. This vulnerability will lead to diminishing returns for legitimate users, significantly and unfairly reducing their APY and penalizing their loyalty. The only mitigation is the vault exit fee, which, depending on the yield generated, might not incentivize people to withdraw right after having benefited from the compounding. Even so, the design still takes yield from early deposits and distributes it among later deposits, which is not fair.
Time-weighted distribution approaches for yield farming: https://github.com/convex-eth/platform/blob/main/contracts/contracts/BaseRewardPool.sol
An attacker can exploit the time-based reward distribution vulnerability in MoneyBrinter through these steps:
1. Monitor the MoneyBrinter vault to identify when harvesting transactions occur, or call harvesting functions himself.
2. When harvesting functions are called, the attacker knows that compounding is likely to happen soon.
3. The attacker deposits a significant amount into the vault between harvesting and compounding, or just before compounding by front-running the transaction.
4. When compounding occurs, the existing rewards generated by long-term stakers are converted to LP tokens and deposited back into Beradrome Farm, increasing the value of all shares, including the attacker's newly acquired ones.
Even without malicious actors in the loop, this design favors the latest depositors, who benefit from the yield generated by early depositors.
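The accounting difference behind this report, as an added Python model (not code from the report, MoneyBrinter or Convex): it compares share-price compounding with a reward-per-token accumulator, a simplified stand-in for the time-weighted approach referenced above. The depositor names, amounts, constant reward rate and 1:1 reward-to-LP conversion are constructed assumptions, and exit fees are ignored.

```python
from fractions import Fraction

# Constructed scenario: (time, depositor, assets). Bob enters at t=100,
# the same instant the manager compounds the harvested rewards.
DEPOSITS = [(0, "alice", 1000), (100, "bob", 1000)]
REWARD_RATE = 1      # assumed: reward units (already in LP terms) per second
COMPOUND_AT = 100

def share_price_gains(deposits, rate, compound_at):
    """ERC4626-style accounting: compounding raises total assets, mints no shares."""
    total_assets = total_shares = Fraction(0)
    shares, paid = {}, {}
    for _, who, amt in deposits:          # deposit time is ignored by this design
        # Harvested-but-uncompounded rewards are not in total assets yet,
        # so a late deposit is priced as if they did not exist.
        minted = Fraction(amt) if total_shares == 0 else amt * total_shares / total_assets
        shares[who] = shares.get(who, 0) + minted
        paid[who] = paid.get(who, 0) + amt
        total_assets += amt
        total_shares += minted
    total_assets += rate * compound_at    # compound(): assets up, shares flat
    return {w: s * total_assets / total_shares - paid[w] for w, s in shares.items()}

def accumulator_gains(deposits, rate, compound_at):
    """Reward-per-token accumulator: each unit of stake earns only while staked."""
    rpt = total = Fraction(0)             # cumulative reward per unit, total staked
    last_t = 0
    stake, rpt_paid, earned = {}, {}, {}

    def settle(t):
        nonlocal rpt, last_t
        if total > 0:
            rpt += Fraction(rate * (t - last_t)) / total
        last_t = t

    for t, who, amt in deposits:
        settle(t)                         # credit existing stakers before the new stake counts
        earned[who] = earned.get(who, 0) + stake.get(who, 0) * (rpt - rpt_paid.get(who, 0))
        rpt_paid[who] = rpt
        stake[who] = stake.get(who, 0) + amt
        total += amt
    settle(compound_at)
    return {w: earned[w] + stake[w] * (rpt - rpt_paid[w]) for w in stake}

if __name__ == "__main__":
    print("share-price:", share_price_gains(DEPOSITS, REWARD_RATE, COMPOUND_AT))
    print("accumulator:", accumulator_gains(DEPOSITS, REWARD_RATE, COMPOUND_AT))
```

With these inputs the share-price model splits the 100 units of yield evenly between both depositors, while the accumulator credits all of it to the depositor who was staked while it accrued.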