#41876 [SC-Insight] User may receive boosted values which are non-concave
Submitted on Mar 19th 2025 at 03:58:15 UTC by @h2134 for
Report ID: #41876
Report Type: Smart Contract
Report severity: Insight
Target: https://github.com/immunefi-team/audit-comp-yeet/blob/main/src/Yeet.sol
Impacts:
Contract fails to deliver promised returns, but doesn't lose value
The boosted values a user receives by specifying NFT tokens when they yeet are non-concave. This leads to the user receiving an unexpected amount of reward tokens, and the power of big NFT holders is not properly limited.
The states that a concave curve is applied to the calculation of the boosted value: holding a greater number of NFTs applies an increased boost, but the marginal benefit should be non-increasing.
A concave curve is applied to this boost in order to limit the power of big holders
To achieve this, nftBoostLookup is defined as the NFT boost lookup table.
https://github.com/immunefi-team/audit-comp-yeet/blob/da15231cdefd8f385fcdb85c27258b5f0d0cc270/src/Yeet.sol#L187-L214
However, when we draw the curve, we find that it is not always concave: there are inflection points where the curve becomes convex.
For example, from 10 to 11 the weight increases by a ratio of 1.018 (1100 / 1080), but from 11 to 12 it increases by a ratio of 1.05 (1155 / 1100). There is therefore an inflection point at 11 that makes the curve convex.
Please find the curve image in the attachment.
The concave curve is applied to limit the power of big holders. Failing to do so results in users receiving an unexpected amount of reward tokens: when the curve becomes convex, a big holder can receive more reward tokens than expected, because they gain more boosted value by providing more NFTs, whereas small holders receive fewer rewards.
https://github.com/immunefi-team/audit-comp-yeet/blob/da15231cdefd8f385fcdb85c27258b5f0d0cc270/src/Yeet.sol#L187-L214
Take the points [10, 11, 12] as an example. Because the curve is expected to be concave, the sum of the boosted values gained from 10 and 12 should be no larger than 2x the boosted value gained from 11. However, the PoC shows otherwise:
Please run forge test --mt testAudit_NFTBoost_LookUp -vv in Yeet.Test.sol:
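The inequality above can also be checked off-chain over a whole lookup table before it is deployed. The following Python sketch is an added example, not the report's Foundry PoC or the project's code; only the three values for 10, 11 and 12 come from the report, and the function names are hypothetical.

```python
# Added example: discrete concavity check for an NFT boost lookup table.
# Only the values for 10, 11 and 12 NFTs are taken from the report;
# the function names are hypothetical and not part of Yeet.sol.

def marginal_gains(table):
    """Return {n: table[n] - table[n-1]} for each pair of adjacent NFT counts."""
    keys = sorted(table)
    return {b: table[b] - table[a] for a, b in zip(keys, keys[1:]) if b == a + 1}


def convex_points(table):
    """Return [(n, excess)] for every NFT count n that breaks concavity.

    A concave table has non-increasing marginal gains, which is the same as
    table[n-1] + table[n+1] <= 2 * table[n] for every interior n.
    `excess` is how far the left-hand side overshoots the right-hand side.
    """
    violations = []
    for n in sorted(table):
        if n - 1 in table and n + 1 in table:
            excess = table[n - 1] + table[n + 1] - 2 * table[n]
            if excess > 0:
                violations.append((n, excess))
    return violations


def is_concave(table):
    """True when no interior point violates the concavity inequality."""
    return not convex_points(table)


# Boost values quoted in the report for 10, 11 and 12 NFTs.
REPORTED = {10: 1080, 11: 1100, 12: 1155}

# Constructed table with shrinking marginal gains, for comparison only.
CONSTRUCTED_CONCAVE = {1: 100, 2: 190, 3: 270, 4: 340}

if __name__ == "__main__":
    print("marginal gains:", marginal_gains(REPORTED))
    for n, excess in convex_points(REPORTED):
        print(f"convex at {n}: neighbours exceed 2x the value by {excess}")
    print("constructed table concave:", is_concave(CONSTRUCTED_CONCAVE))
```

Running the same check over the full nftBoostLookup table lists every NFT count at which the marginal boost increases.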