Shambolic Purple Boar
medium
Collateral funds can get stuck in the SolverVault contract indefinitely, without the option for neither admins nor depositors to withdraw
When depositors widthdraw requests are accepted with a payback ratio smaller than 1 some of the deposited collateral stays in the contract. This, according to the team, is to handle situations where there's a specific problem with the solver (https://discord.com/channels/812037309376495636/1191765829554020372/1192091803395051590). However if the problem is later solved, the remaining collateral remains in the contract and can not be retrieved. Depositors can not retrieve it since the entire withdraw request amount of their SolverVaultToken is burned. And since there is no "swipe" function or any other admin-controlled function enabling transferring collateral from SolverVault, it can not be retrieved by admins either. The only option to use these funds is the depositToSymmio function, however this puts the funds in the control of the solver, who is not a trusted admin and therefore can not be trusted to act according to the protocols admins intentions (and even if the solver returns the funds to SolverVault, they still can not be accessed same as before).
Funds can be stuck in SolverVault indefintely causing a loss to depositors/the protocol
Patrial withdraw: https://github.com/sherlock-audit/2023-12-symm-io/blob/60ee22a4c598220821385cfb5eee43f40aafd5f1/solver-vaults/contracts/SolverVaults.sol#L266
Full burn of SolverVaultToken https://github.com/sherlock-audit/2023-12-symm-io/blob/60ee22a4c598220821385cfb5eee43f40aafd5f1/solver-vaults/contracts/SolverVaults.sol#L210
Manual Review
Either add a swipe function to SolverVault where a trusted admin can withdraw residual collateralToken from the contract, or keep an account of the unpaid portion of withdrawals so that depositors can re-request the unpaid part at a later time.