Veda

Veda is a DeFi vault primitive, which is a protocol-level mechanism for pricing, accounting, securing, optimizing, and automating capital. Designed to be non-custodial, trust-minimized, and composable, Veda empowers businesses, asset issuers, protocols, chains, wallets and applications to build enterprise-grade DeFi products without reinventing complex smart contract and offchain infrastructure.

Maximum Bounty
$1,000,000
Live Since
21 January 2026
Last Updated
22 May 2026
  • Triaged by Immunefi
  • PoC Required
  • KYC required

Assets in Scope

All targets below were added on 21 January 2026. Contract names that appear more than once are listed as separate targets on the program page.

  • BalancedUSDC
  • AccountantWithYieldStreaming
  • TellerWithYieldStreaming
  • AaveV3BufferHelper
  • BoringOnChainQueue
  • BoringSolver
  • RolesAuthority
  • Pauser
  • BoostedUSDC
  • AccountantWithYieldStreaming
  • TellerWithYieldStreaming
  • AaveV3BufferHelper

Impacts in Scope

Critical

  • Direct theft of any user funds, whether at-rest or in-motion, other than unclaimed yield
  • Permanent freezing of funds
  • Protocol insolvency

High

  • Permanent freezing of unclaimed yield — With exceptions, see Out of Scope
  • Theft of unclaimed yield — With exceptions, see Out of Scope

Out of scope

Program's Out of Scope information

Yield Distribution Design

Yield streaming entry/exit asymmetry — not eligible. AccountantWithYieldStreaming distributes vested and pending yield over the share supply that exists at each _updateExchangeRate() call. This is intentional and produces two symmetric effects: depositors entering during or before a vest gain pro-rata access to the remaining vesting gains, and depositors exiting during or before a vest forfeit their pro-rata share of remaining unvested yield. Strategists are expected to call vestYield atomically with or shortly after yield is realized; the size of any single vest is capped by maxDeviationYield (currently 500 bps daily) so per-event extraction is bounded.

The following framings will be closed without reward:

  • "Late deposit captures pro-rata of yield posted after deposit"
  • "Deposit immediately before vestYield extracts unearned yield"
  • "Withdrawal during vesting forfeits unvested yield" (or any inverse-framing of the same asymmetry)
  • "Missing eligible-share snapshot in vestYield" / "no per-depositor checkpoint"
  • PoCs requiring shareLockPeriod to be short and the attacker to outlast it once

Reports demonstrating unbounded extraction (i.e., where the per-event cap or operator pause are also bypassed) are still in scope.
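To make the asymmetry and the per-event bound concrete, the following is a toy model of a yield-streaming accountant written for this page; it is not Veda's code. Linear vesting, fee-free deposits and withdrawals, the absence of a share lock period, and checking the cap against currently accounted assets are simplifying assumptions of the model, not statements about AccountantWithYieldStreaming. It reproduces the two symmetric effects described above and shows that a deposit timed immediately before vestYield gains at most maxDeviationYield of the attacker's own deposit per event, whatever the size of the vault:

```python
"""Toy yield-streaming accountant (added example; not Veda's code).

Model assumptions: yield posted via vest_yield() is released linearly over
`duration` seconds; every state change first calls _update_exchange_rate(),
which credits the yield vested since the last update to whatever share
supply exists at that moment; the per-vest cap is checked against the
assets already credited to the share price.
"""
from dataclasses import dataclass, field

BPS = 10_000
DAY = 86_400


@dataclass
class ToyStreamingAccountant:
    total_assets: float = 0.0          # assets already credited to share price
    total_shares: float = 0.0
    vest_remaining: float = 0.0        # posted yield not yet credited
    vest_end: int = 0
    last_update: int = 0
    now: int = 0
    max_deviation_yield_bps: int = 500  # 500 bps, as stated on the program page
    balances: dict = field(default_factory=dict)

    def exchange_rate(self) -> float:
        return self.total_assets / self.total_shares if self.total_shares else 1.0

    def _update_exchange_rate(self) -> None:
        """Credit yield vested since the last update to the *current* share supply."""
        if self.vest_remaining > 0 and self.now > self.last_update:
            if self.now >= self.vest_end:
                vested = self.vest_remaining
            else:
                span = self.vest_end - self.last_update
                vested = self.vest_remaining * (self.now - self.last_update) / span
            self.total_assets += vested
            self.vest_remaining -= vested
        self.last_update = self.now

    def vest_yield(self, amount: float, duration: int) -> None:
        """`amount` is the user-facing (already fee-netted) distribution amount."""
        self._update_exchange_rate()
        cap = self.total_assets * self.max_deviation_yield_bps / BPS
        if amount > cap:
            raise ValueError(f"vest {amount} exceeds maxDeviationYield cap {cap}")
        self.vest_remaining += amount
        self.vest_end = self.now + duration

    def deposit(self, who: str, assets: float) -> float:
        self._update_exchange_rate()
        shares = assets / self.exchange_rate()
        self.total_assets += assets
        self.total_shares += shares
        self.balances[who] = self.balances.get(who, 0.0) + shares
        return shares

    def withdraw_all(self, who: str) -> float:
        self._update_exchange_rate()
        shares = self.balances.pop(who)
        assets = shares * self.exchange_rate()
        self.total_shares -= shares
        self.total_assets -= assets
        return assets

    def advance(self, seconds: int) -> None:
        self.now += seconds


def mid_vest_entry_and_exit() -> dict:
    """Alice alone for the first half of a 50-unit vest; Bob enters halfway.
    Bob captures his pro-rata share (40/81) of the 25 units still vesting."""
    v = ToyStreamingAccountant()
    v.deposit("alice", 1000.0)
    v.vest_yield(50.0, DAY)            # 5% of 1000: exactly at the cap
    v.advance(DAY // 2)
    v.deposit("bob", 1000.0)           # rate is 1.025; Bob buys 975.61 shares
    v.advance(DAY // 2)
    return {"bob": v.withdraw_all("bob"), "alice": v.withdraw_all("alice")}


def exit_during_vest_forfeits() -> dict:
    """Inverse framing: Alice exits halfway and leaves her unvested 25 to Bob."""
    v = ToyStreamingAccountant()
    v.deposit("alice", 1000.0)
    v.deposit("bob", 1000.0)
    v.vest_yield(100.0, DAY)
    v.advance(DAY // 2)
    alice = v.withdraw_all("alice")    # 1025
    v.advance(DAY // 2)
    return {"alice": alice, "bob": v.withdraw_all("bob")}  # bob: 1075


def jit_deposit_gain(vault_assets: float, attacker_deposit: float) -> float:
    """Worst case of 'deposit immediately before vestYield': the strategist posts
    the largest vest the cap allows right after the attacker's deposit, and the
    attacker waits out the whole vest. Gain is bounded by cap * own deposit."""
    v = ToyStreamingAccountant()
    v.deposit("lp", vault_assets)
    v.deposit("attacker", attacker_deposit)
    cap = v.total_assets * v.max_deviation_yield_bps / BPS
    v.vest_yield(cap, DAY)
    v.advance(DAY)
    return v.withdraw_all("attacker") - attacker_deposit


def oversized_vest_is_rejected() -> bool:
    """A single vest above maxDeviationYield is refused by the cap check."""
    v = ToyStreamingAccountant()
    v.deposit("alice", 1000.0)
    try:
        v.vest_yield(50.01, DAY)
    except ValueError:
        return True
    return False
```

In this model jit_deposit_gain(1_000_000, 1000) returns 50: a just-in-time depositor earns exactly the 500 bps cap on their own capital per vest event, the same as any other holder over that window, which is why that framing is closed. A report counts as "unbounded extraction" only if it shows a path that gets past this cap (or the operator pause) rather than collecting it.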

Empty Vault Edge Cases

totalSupply() == 0 lifecycle states — not eligible. Vault lifecycle states where vault.totalSupply() reaches or starts at zero are handled operationally, not on-chain. Reports whose exploit path requires any of the following preconditions will not be eligible for reward:

  • The vault was empty at deployment and the report concerns the first deposit
  • The vault was drained mid-vest and the report concerns yield that vested between drain and re-genesis ("orphaned" or "stranded" gains)
  • The report concerns state inconsistencies after setFirstDepositTimestamp() is called following a re-genesis
  • The report concerns TWAS desync, share-price inflation, or yield capture by the next depositor following an empty-vault window

Operators handle these transitions by pausing deposits, manually resetting vesting state where needed, and re-seeding the vault. The on-chain code intentionally does not refund or quarantine orphaned gains; they accrue to the next depositor by design.

Fee Calculation Precision

Performance fee accounting model — not eligible. Veda's performance fee is netted off-chain by the strategist before vestYield(yieldAmount, duration) is called. The yieldAmount posted on-chain is already the user-facing distribution amount; the accountant does not separately accrue performance fees against the streaming yield, nor does it adjust share price downward at claimFees time. This is the intended fee accounting model.

The following framings will be closed without reward:

  • "Performance fee undercharge — newly minted shares excluded from fee accrual window"
  • "claimFees drains fee assets without adjusting exchange rate" (the share price is unchanged because the fee was already netted out before vestYield)
  • "Users withdraw gross yield while fees remain only accounting (feesOwedInBase)"
  • "Performance fees are included in share price, exiting LPs avoid them"

Reports that demonstrate the strategist is unable to net fees correctly off-chain (e.g., a state read that returns wrong base-asset value, an event that misrepresents posted yield) remain in scope.

Archived Contracts

Contracts under src/archive/ (WithdrawQueue.sol, DelayedWithdraw.sol, etc.) are deprecated and not deployed by any in-scope vault. Reports against them are not eligible for a reward.

Default Out of Scope and rules

Smart Contract specific

  • Incorrect data supplied by third party oracles
    • Not to exclude oracle manipulation/flash loan attacks
  • Impacts requiring basic economic and governance attacks (e.g. 51% attack)
  • Lack of liquidity impacts
  • Impacts from Sybil attacks
  • Impacts involving centralization risks

All categories

  • Impacts requiring attacks that the reporter has already exploited themselves, leading to damage
  • Impacts caused by attacks requiring access to leaked keys/credentials
  • Impacts caused by attacks requiring access to privileged addresses (including, but not limited to: governance and strategist contracts) without additional modifications to the privileges attributed
  • Impacts relying on attacks involving the depegging of an external stablecoin where the attacker does not directly cause the depegging due to a bug in code
  • Mentions of secrets, access tokens, API keys, private keys, etc. in Github will be considered out of scope without proof that they are in-use in production
  • Best practice recommendations
  • Feature requests
  • Impacts on test files and configuration files unless stated otherwise in the bug bounty program
  • Impacts requiring phishing or other social engineering attacks against project's employees and/or customers