001.md

Raspy Currant Lynx

High

Yield mode for USDB is not actually set, resulting in all yields accrued to be not claimable

Summary

Protocol attempts to set yield mode to claimable by calling blast.configure(), but this only sets the native yield (ETH) and not USDB that is being used as LOAN_TOKEN in predict.fun.

The default yield mode for USDB, which the protocol is using as LOAN_TOKEN, is AUTOMATIC. All accrued USDB yield will be stuck in the loan contract.

Root Cause

https://github.com/sherlock-audit/2024-09-predict-fun/blob/ba2bd6f941f9cd953634a80bb4045550e521e2ef/predict-dot-loan/contracts/BlastNativeYield.sol#L21

When calling Blast's precompile contract with IBlast(blast).configure(YieldMode.CLAIMABLE, GasMode.CLAIMABLE, governor);, this only sets yield mode of native ETH and gas mode.

We need to also be interacting with Blast's USDB precompile contract, for which there is currently no way to do so in BlastNativeYield.sol.

Internal pre-conditions

None

External pre-conditions

None

Attack Path

NA

Impact

Rating this as high severity as this is a loss of funds due to loss of USDB yield in the loan contract with 100% certainty.

PoC

NA

Mitigation

Interact with Blast's USDB precompile contract and set YIELD_MODE to CLAIMABLE.