#42033 [SC-Insight] MoneyBrinter contract does not consider farm's pausing status
Submitted on Mar 20th 2025 at 07:26:30 UTC by @trtrth for
Report ID: #42033
Report Type: Smart Contract
Report severity: Insight
Target: https://github.com/immunefi-team/audit-comp-yeet/blob/main/src/contracts/MoneyBrinter.sol
Impacts:
The `MoneyBrinter` contract does not consider the Kodiak farm's pausing status for staking and withdrawals. This can cause `MoneyBrinter` to be non-compliant with ERC-4626.
Both `depositFor()` and `withdrawTo()` in the Beradrome farm plugin contract first withdraw everything locked in the Kodiak farm and then stake everything back into the farm. `depositFor()` is called by `MoneyBrinter::deposit()` and `MoneyBrinter::mint()`, and `withdrawTo()` is called by `MoneyBrinter::withdraw()` and `MoneyBrinter::redeem()`. So all the core functions of the `MoneyBrinter` contract go through the steps `Farm::withdrawLockedAll()` -> `Farm::stakeLocked()`.
On the other hand, the farm contract has a pausing feature for staking and for withdrawals. If only one of these two is paused, the core functions of the `MoneyBrinter` contract do not work and all funds can be temporarily locked in the farm contract.
ERC-4626 non-compliance
The contract's core functions can become unable to operate
Farm contract: https://bartio.beratrail.io/token/0xbdEE3F788a5efDdA1FcFe6bfe7DbbDa5690179e6/contract/code
Beradrome plugin contract: https://bartio.beratrail.io/token/0x80D7759Fa55f6a1F661D5FCBB3bC5164Dc63eb4D/contract/code
Modify the test `test_Valid_Deposit_Into_Beradrome` in the test file `test/vault/Vault_IntegrationTest_ZeroFee.t.sol`
Run the test with the command `forge t --mt test_Valid_Deposit_Into_Beradrome -vv` and the console shows
This means that `maxDeposit()` returns the wrong value, and it is also impossible to deposit into the vault even when the Kodiak farm pauses only withdrawals.
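One way to make the ERC-4626 limit functions reflect the farm's pause state, added here as an example; it is not code from the report or from the project. It assumes the vault inherits OpenZeppelin's `ERC4626`, and the `IFarmPauseView` interface with its getters `stakingPaused()` and `withdrawalsPaused()` is hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {ERC4626} from "@openzeppelin/contracts/token/ERC20/extensions/ERC4626.sol";

// Hypothetical read-only view of the farm's pause flags. The getter names are
// assumptions; map them to whatever the deployed farm actually exposes.
interface IFarmPauseView {
    function stakingPaused() external view returns (bool);
    function withdrawalsPaused() external view returns (bool);
}

// Added example: limit functions that return 0 while the farm blocks the
// withdrawLockedAll() -> stakeLocked() sequence used by every core function.
abstract contract PauseAwareLimits is ERC4626 {
    // Assumed to be supplied by the inheriting vault's constructor.
    IFarmPauseView internal immutable farm;

    constructor(IFarmPauseView farm_) {
        farm = farm_;
    }

    // Deposits and withdrawals both unstake and restake, so a pause on
    // either side of the farm blocks entries and exits alike.
    function _farmBlocked() internal view returns (bool) {
        return farm.stakingPaused() || farm.withdrawalsPaused();
    }

    // ERC-4626 requires the max* functions to return 0 when the matching
    // operation is disabled, even temporarily.
    function maxDeposit(address receiver) public view virtual override returns (uint256) {
        return _farmBlocked() ? 0 : super.maxDeposit(receiver);
    }

    function maxMint(address receiver) public view virtual override returns (uint256) {
        return _farmBlocked() ? 0 : super.maxMint(receiver);
    }

    function maxWithdraw(address owner) public view virtual override returns (uint256) {
        return _farmBlocked() ? 0 : super.maxWithdraw(owner);
    }

    function maxRedeem(address owner) public view virtual override returns (uint256) {
        return _farmBlocked() ? 0 : super.maxRedeem(owner);
    }
}
```

This only corrects what the limit functions report; funds still cannot move until the farm is unpaused.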