M-06 MitigationConfirmed #13
Labels
confirmed for report
This issue is confirmed for report
mitigation-confirmed
MR-M-06
satisfactory
satisfies C4 submission criteria; eligible for awards
Comments
|
0xean marked the issue as satisfactory |
c4-judge
added
the
satisfactory
|
0xean marked the issue as confirmed for report |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Lines of code
Vulnerability details
This issue is mitigated.
Explanation of found problem
In case if RSR token should be used for trading, then it's prices are fetched using
pricefunction. This function will return low price as 0 in case if oracle is not available. Because of that, all this RSR can be sold for 0 amount in the auction.How it was fixed
As proposed by warden, Reserve team don't use
pricefunction to fetch RSR price, but useslotPriceonly. This will make use of previously stored prices, in case of oracle timeout, which will not allow to sell RSR for 0 amount.The text was updated successfully, but these errors were encountered: