Category: Coding Mistakes

Integer underflow on redeemRequest(0)

Impact: Informational
Severity: Informational
Likelihood: N/A

Description

When calling redeemRequest(0), an integer underflow will occur due to fees rounding up:

function previewRedeem(uint256 shares) public view virtual override returns (uint256) {
    uint256 assets = super.previewRedeem(shares);
    // Highlighted in the report: the subtraction where the underflow occurs.
    return assets - _feeOnTotal(assets, _getFeeBasisPoints());
}

// [...]
function _feeOnTotal(uint256 assets, uint256 _feeBasisPoints) private pure returns (uint256) {
    return assets.mulDiv(_feeBasisPoints, _feeBasisPoints + _BASIS_POINT_SCALE, Math.Rounding.Ceil);
}

Impact

This has no security impact. However, the resulting error may be confusing.

If the underflow did not occur in previewRedeem, a bug would exist where users could grief the vault by redeeming no assets, which burns one base unit of asset every time.

Recommendations

Require that shares is greater than 0 in redeemRequest.

Remediation

This issue has been acknowledged by Solera Markets, and a fix was implemented in PR #10.
