Skip to content

Latest commit

 

History

History
55 lines (34 loc) · 1.46 KB

049.md

File metadata and controls

55 lines (34 loc) · 1.46 KB

Fast Khaki Raccoon

High

earlyWithdraw will charge a significantly lower fee

Summary

Early debond fee is set to be debond fee + 10% of amount

https://github.com/sherlock-audit/2025-01-peapods-finance/blob/main/contracts/contracts/PodUnwrapLocker.sol#L125-L126

        // Penalty = debond fee + 10%
        uint256 _penaltyBps = _debondFee + _debondFee / 10;
        uint256[] memory _penalizedAmounts = new uint256[](_lock.tokens.length);

However as we can see from the code snippet it's actually _debondFee + 10% of _debondFee, or _debondFee * 11 / 10.

Root Cause

debond fee is significantly less than prescribed in the comments, leading to a lower gain or the system and a lower punishment for the user

https://github.com/sherlock-audit/2025-01-peapods-finance/blob/main/contracts/contracts/PodUnwrapLocker.sol#L125-L126

        // Penalty = debond fee + 10%
        uint256 _penaltyBps = _debondFee + _debondFee / 10;
        uint256[] memory _penalizedAmounts = new uint256[](_lock.tokens.length);

Internal Pre-conditions

No response

External Pre-conditions

No response

Attack Path

  1. User withdraws early 100k
  2. debond fee is 10 DAI
  3. User pays 11 DAI, instead of 10 DAI + 10% of 100k and has his assets way earlier than normal

Impact

Users pay a significantly lower fee for early withdraw.

PoC

No response

Mitigation

Make sure the 10% is taken form the amounts, not the debond value.