H-02 MitigationConfirmed #8

code423n4 · 2023-08-17T03:00:35Z

Lines of code

Vulnerability details

Comments

According to the sponsor comments under the issue code-423n4/2023-06-reserve-findings#2 , there is not a perfect idea to avoid this issue completely without significant code changes.

The migration add a resetStakes() function which can be only called by governance. The idea is that the stRSR is also the votes of the governance. So stakers can mostly withdraw, and since governance thresholds are all percentage, vote to immolate themselves and re-start the staking pool.

The function permission check is correct for requireGovernanceOnly(), and the stakeRate is also checked correctly:

        require(
            stakeRate <= MIN_SAFE_STAKE_RATE || stakeRate >= MAX_SAFE_STAKE_RATE,
            "rate still safe"
        );

The text was updated successfully, but these errors were encountered:

c4-judge · 2023-08-28T23:03:18Z

0xean marked the issue as satisfactory

code423n4 added mitigation-confirmed MR-H-02 labels Aug 17, 2023

code423n4 added a commit that referenced this issue Aug 17, 2023

ronnyx2017 issue #8

76a43f5

c4-judge added the satisfactory satisfies C4 submission criteria; eligible for awards label Aug 28, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

H-02 MitigationConfirmed #8

H-02 MitigationConfirmed #8

code423n4 commented Aug 17, 2023

c4-judge commented Aug 28, 2023