In case when not all RSR was sold on auction users can lose it #42

Closed
code423n4 opened this issue Jun 22, 2023 · 6 comments
Labels
2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working sponsor disputed Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue unsatisfactory does not satisfy C4 submission criteria; not eligible for awards

Comments

@code423n4
Contributor

Lines of code

https://github.com/reserve-protocol/protocol/blob/c4ec2473bbcb4831d62af55d275368e73e16b984/contracts/p1/StRSR.sol#L416-L469
https://github.com/reserve-protocol/protocol/blob/c4ec2473bbcb4831d62af55d275368e73e16b984/contracts/p1/BackingManager.sol#L149-L152
https://github.com/reserve-protocol/protocol/blob/c4ec2473bbcb4831d62af55d275368e73e16b984/contracts/p1/BackingManager.sol#L205-L208

Vulnerability details

Impact

In case not all RSR was sold at auction, users can lose it if the era was changed for them.

Proof of Concept

The purpose of StRSR stakers is to provide RSR tokens that can back the system in case not enough collateral is present. During rebalance, BackingManager can seize funds from StRSR.
It's possible that the sum that is needed will make a new era begin, which means that users don't have any stRSR anymore.

But it's also possible that not all of the RSR will be traded by the Gnosis auction, so as a result BackingManager will contain RSR that will be returned to StRSR.

The problem is that this amount will not be returned to the stakers who were seized; it will be returned to the stakers of another era. As a result, old era stakers lost their funds, while new era stakers received more funds.

Tools Used

VsCode

Recommended Mitigation Steps

Maybe it's possible to track the era that was seized in order to return funds to the stakers of that era, so they can claim them according to their StRSR or drafts in that era.

Assessed type

Error

@code423n4 code423n4 added 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working labels Jun 22, 2023
code423n4 added a commit that referenced this issue Jun 22, 2023
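
A simplified model of the accounting described in this report and of the mitigation it suggests, as an added example that is not part of the original issue or of the Reserve code base. The class, method names, staker names and amounts are constructed, and crediting the refund immediately and pro rata is a simplifying assumption.

```python
# Toy model of era-based staking (constructed; not the StRSR contract).
class EraStakingModel:
    def __init__(self, track_seized_era=False):
        self.era = 1
        self.stakes = {1: {}}      # era -> {staker: RSR backing their stake}
        self.snapshots = {}        # era -> stakes recorded when that era was wiped out
        self.refunds = {}          # era -> unsold RSR owed to that era (mitigation only)
        self.track_seized_era = track_seized_era

    def stake(self, who, amount):
        book = self.stakes[self.era]
        book[who] = book.get(who, 0) + amount

    def seize_all(self):
        """Seizure that consumes all staked RSR, so a new era begins."""
        old = self.era
        self.snapshots[old] = dict(self.stakes[old])
        seized = sum(self.stakes[old].values())
        self.stakes[old] = {}
        self.era += 1
        self.stakes[self.era] = {}
        return old, seized

    def return_unsold(self, seized_era, amount):
        if self.track_seized_era:
            # Suggested mitigation: remember which era the RSR came from.
            self.refunds[seized_era] = self.refunds.get(seized_era, 0) + amount
            return
        # Reported behaviour: the refund benefits whoever stakes in the current era.
        book = self.stakes[self.era]
        total = sum(book.values())
        for who, bal in list(book.items()):
            book[who] = bal + amount * bal // total

    def claimable(self, who, era):
        snap = self.snapshots.get(era, {})
        total = sum(snap.values())
        return self.refunds.get(era, 0) * snap.get(who, 0) // total if total else 0

    def balance(self, who):
        return self.stakes[self.era].get(who, 0)

def scenario(track_seized_era):
    m = EraStakingModel(track_seized_era)
    m.stake("alice", 600)
    m.stake("bob", 400)
    era, seized = m.seize_all()    # 1000 RSR seized, era 2 begins
    m.stake("carol", 100)          # new-era staker
    m.return_unsold(era, 250)      # auction sold only 750 of the 1000
    return m
```
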
@0xean

0xean commented Jun 30, 2023

related to #2

@tbrent

tbrent commented Jul 4, 2023

I believe this is a dup of a previous finding: code-423n4/2023-02-reserve-mitigation-contest-findings#17

@c4-sponsor c4-sponsor added the sponsor disputed Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue label Jul 4, 2023
@c4-sponsor

tbrent marked the issue as sponsor disputed

@rvierdiiev

No, this issue is not the same as the previous finding. The difference is that the previous finding talks about this happening when the era didn't change, so the returned amount is distributed among previous stakers and new stakers.
This issue, on the other hand, is talking about when a new era is started and previous stakers don't receive funds back at all.

@tbrent

tbrent commented Jul 6, 2023

You can see in code-423n4/2023-02-reserve-mitigation-contest-findings#17 that it was listed as a dup of code-423n4/2023-02-reserve-mitigation-contest-findings#48, where 48 is specifically about a new era.

@c4-judge

0xean marked the issue as unsatisfactory:
Out of scope

@c4-judge c4-judge added the unsatisfactory does not satisfy C4 submission criteria; not eligible for awards label Jul 12, 2023