M-06 MitigationConfirmed #13
Labels
confirmed for report
This issue is confirmed for report
mitigation-confirmed
MR-M-06
satisfactory
satisfies C4 submission criteria; eligible for awards
Lines of code
Vulnerability details
This issue is mitigated.
Explanation of found problem
In case if RSR token should be used for trading, then it's prices are fetched using
price
function. This function will return low price as 0 in case if oracle is not available. Because of that, all this RSR can be sold for 0 amount in the auction.How it was fixed
As proposed by warden, Reserve team don't use
price
function to fetch RSR price, but useslotPrice
only. This will make use of previously stored prices, in case of oracle timeout, which will not allow to sell RSR for 0 amount.The text was updated successfully, but these errors were encountered: