-
Notifications
You must be signed in to change notification settings - Fork 2
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Mitigation of M-12: mitigation error, see comments #57
Labels
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
duplicate-67
MR-NEW
satisfactory
satisfies C4 submission criteria; eligible for awards
Comments
Your issue makes sense but we awe are ok with having slippage in the derivatives as well as the main contract. |
Picodes marked the issue as satisfactory |
Picodes marked the issue as primary issue |
Picodes marked the issue as duplicate of #67 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
duplicate-67
MR-NEW
satisfactory
satisfies C4 submission criteria; eligible for awards
MITIGATION IS NOT CONFIRMED
MITIGATION IS NOT CONFIRMED
Mitigation of M-12: mitigation error, see comments
Link to Issue: code-423n4/2023-03-asymmetry-findings#150
Comments
While the proposed change correctly mitigates the issue, in the sense that it introduces a user controlled slippage for
stake()
andunstake()
, the new changes conflict with an existing implementation that should be addressed.Technical Details
The changeset adds a minimum output amount for the
stake()
andunstake()
functions present in the SafEth.sol contract. If the output amount is below this limit, the transaction gets reverted, letting the user be in control of the final amounts they will receive.This new feature is an excellent addition to the protocol. However, it conflicts with the previous slippage control, present in each of the 3 derivatives:
This means that a user may control slippage only under the (currently) 1% margin imposed in each derivative, as setting a lower amount will eventually be overridden by the limit on each derivative, which will revert the operation.
During times of high market volatility, a user may want to exit their position and set a high slippage, and eventually take losses beyond the protocol defined slippage present in each of the derivatives.
Recommendation
My recommendation is to keep the current changes in the pull request and remove the
maxSlippage
in each derivative. If the intention is to also have a finer control over the slippage in each individual derivative, then extend the new_minOut
parameter to be one per derivative. This would allow the user to have complete control over their position. The protocol can provide safe defaults using off-chain mechanisms when the user operates through a front-end application.The text was updated successfully, but these errors were encountered: