#42604 [SC-Low] `MoneyBrinter` vault does not conform to ERC4626
Submitted on Mar 24th 2025 at 23:12:58 UTC by @NHristov for
Report ID: #42604
Report Type: Smart Contract
Report severity: Low
Target: https://github.com/immunefi-team/audit-comp-yeet/blob/main/src/contracts/MoneyBrinter.sol
Impacts:
Contract fails to deliver promised returns, but doesn't lose value
The vault's implementation of ERC4626 returns an incorrect value from `maxWithdraw` when exit fees are applied. If a user attempts to withdraw using the `maxWithdraw` value, the transaction will revert, which means that the vault does not fully conform to the expected ERC4626 standard.
The ERC4626 specification states that the `maxWithdraw` function MUST return the maximum amount of assets that could be transferred from owner through withdraw and not cause a revert, which MUST NOT be higher than the actual maximum that would be accepted (it should underestimate if necessary), but the current `MoneyBrinter` contract does not conform to this statement when fees are applied on withdraw.
The calculation of the fees can be found in the following `MoneyBrinter` functions.
However, the `maxWithdraw` function is not overridden, so the default implementation of the OpenZeppelin ERC4626 contract is used.
This shows that `maxWithdraw` produces an amount that cannot be successfully withdrawn due to the fee calculation, and thus the vault fails to meet the requirements of ERC4626, which leads to transactions being reverted.
`MoneyBrinter` does not conform to ERC4626, which may break external integrations and lead to failed transactions.
ERC4626 documentation - https://eips.ethereum.org/EIPS/eip-4626#maxWithdraw
The following test could be added to the `VaultWithdrawTest.t` test file.
This can be executed by running the command:
Here, even though `vault.maxWithdraw(bob)` returns 100 tokens, this amount does not account for the exit fee. When the user calls `vault.withdraw` with this amount, the fee is added on, causing the withdrawal to exceed the available balance, which ultimately reverts the transaction.
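The mismatch described above, modelled in Python as an added example (not code from the report or from `MoneyBrinter`). It assumes a 1:1 share price, a constructed 1% exit fee in basis points that is added on top of the requested assets and rounded up, and hypothetical class and method names; `max_withdraw_fee_aware` shows one way to compute a limit that `withdraw` accepts.

```python
# Simplified model, constructed for illustration; not MoneyBrinter's code.
# Assumptions: 1:1 share price; exit fee in basis points is added on top of
# the requested assets and rounded up.
BPS = 10_000


class Revert(Exception):
    """Stands in for an EVM revert."""


class FeeVault:
    def __init__(self, exit_fee_bps):
        self.exit_fee_bps = exit_fee_bps
        self.shares = {}  # owner -> share balance

    def preview_withdraw(self, assets):
        # Shares burned to pay out `assets`: the amount plus the fee (ceil).
        fee = (assets * self.exit_fee_bps + BPS - 1) // BPS
        return assets + fee

    def max_withdraw_default(self, owner):
        # Inherited behaviour: the owner's balance in assets, fee ignored.
        return self.shares.get(owner, 0)

    def max_withdraw_fee_aware(self, owner):
        # Largest `assets` for which preview_withdraw(assets) <= balance.
        return self.shares.get(owner, 0) * BPS // (BPS + self.exit_fee_bps)

    def withdraw(self, assets, owner):
        burned = self.preview_withdraw(assets)
        if burned > self.shares.get(owner, 0):
            raise Revert("withdraw exceeds share balance")
        self.shares[owner] -= burned
        return burned


def withdraw_reverts(vault, assets, owner):
    """Attempt the withdrawal; return True if it reverts."""
    try:
        vault.withdraw(assets, owner)
    except Revert:
        return True
    return False


if __name__ == "__main__":
    vault = FeeVault(exit_fee_bps=100)  # constructed 1% fee
    vault.shares["bob"] = 100
    print(withdraw_reverts(vault, vault.max_withdraw_default("bob"), "bob"))  # True
    print(withdraw_reverts(vault, vault.max_withdraw_fee_aware("bob"), "bob"))  # False
```

An integration that relies on `maxWithdraw` can check the same property against the real vault: withdrawing exactly the returned amount must succeed, and the amount must never exceed what `withdraw` accepts.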