-
Notifications
You must be signed in to change notification settings - Fork 1
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
AfEth collaterals cannot be balanced after ratio is changed #55
Comments
0xleastwood marked the issue as primary issue |
0xleastwood marked the issue as selected for report |
Its hard to rebalance because of the locked convex. We have discussed this internally and consider it an acceptable risk for now so im acknowledging this issue instead of confirming |
elmutt marked the issue as disagree with severity |
elmutt (sponsor) acknowledged |
0xleastwood marked the issue as not selected for report |
Leaving as is because I don't think this is typical behaviour. |
0xleastwood marked the issue as selected for report |
If the Asymmetry decides to reset the |
I don't think the CVX locking constraint takes away the issue. Note that the same is implemented in SafEth, with derivatives having different constraints in their respective LSD token. For the specific concern in the Votium strategy and the CVX locking, it could be implemented by increasing the |
I mean you could implement instant rebalancing but that probably adds too much complexity and isn't necessary, so instead this design choice was decided as acceptable. Don't think it invalidates the issue. |
What is the actual impact of this? A forced rebalance would be associated with trading losses, so letting it rebalance organically seems like a good design choice. What is the harm in staying in the old ratio for a while? That was the exposure that was first deposited into after all, so it seems fair that when they then withdraw that they withdraw in about the same ratio. Rather it seems that the ratio can be seen as an agreement with the user on how his funds are to be invested. Suddenly rebalancing these would break this agreement. As for how fast it converges to the new ratio, if the small amounts are deposited and withdrawn equally, the higher balance will converge as I talked about this "issue" in my analysis #71. |
Same as #48, the ratio is a protocol feature. I strongly disagree with "so letting it rebalance organically seems like a good design choice". Even if we discard situations where the shift in balance is a strategic choice (which I still don't agree with a organic rebalance), a critical scenario in which the exposure to any of the strategies must be reduced will clearly cause an issue. |
The report doesn't demonstrate any such critical scenario, so then there is insufficient evidence. (I also cannot imagine what such a scenario would even be.) As for the ratio's being a protocol feature, see my comment on #48. |
I don't know what to say, honestly. First it was the lack of impact, then the organic rebalance that was a design choice, now it's a lack of evidence. 🤷 |
I agree that organic rebalancing is a good feature but this can be easily circumvented by depositing into the protocol under the new ratio, withdrawing and rinsing and repeating to bring it closer to the new ratio at an accelerated rate. But I also understand that instantly rebalancing to the new ratio would retroactively impact existing users which again is not ideal. I don't think either approach is valid and I think the design can either be reconsidered or considered an acceptable risk by the protocol team for which they have. Keeping this as is because imo it is still highlighting an important design flaw. |
From this I gather that both organic rebalancing and instant rebalancing have drawbacks, and that the current design can either be reconsidered or accepted. So this report achieves nothing but "highlighting an important design flaw", which sounds exactly like Analysis to me, with no security risks demonstrated. In any case, I would like to remind of the duplicate of this issue in my Analysis #71 under Ratio mechanism. |
Ok so you have changed your mind again, now it's not a lack of evidence anymore but a lack of impact, and even so you are asking for grading based on part of your analysis. Unbelievable. |
No, they have always gone hand in hand @adriro: there should be evidence for an impact. |
Moving into analysis report for the same reasons as #48. |
0xleastwood marked the issue as not selected for report |
0xleastwood changed the severity to QA (Quality Assurance) |
@0xleastwood Sorry, but I have to say that I feel the shift in decision is a product of the constant pressure of a warden that keeps changing his arguments because he doesn't like the outcome. Nevertheless, I'll provide more information and try to address every point. First, I consider both #55 and #48 issues that have nothing to do with C4 analysis. Citing https://docs.code4rena.com/awarding/incentive-model-and-awards#analyses
Comments in d3e4 analysis should be taken as an insight of the protocol/design, which doesn't imply that my reported issues have the same intention, nor that they belong to that category. I think this is another rhetoric movement by this person to downgrade the issue or eventually gain grade from it as a duplicate, shamelessly stated here #55 (comment) Second, regarding the issues itself, I believe both are valid and have the proper severity. The ratio is a core feature of the contract, it measures the exposure to the underlying assets, which ultimately affects depositors. I believe both reports are well structured, providing both impact and evidence. I think that, between the two, #55 is more important and has a greater latent impact. Any change to the ratio cannot be implemented in practice. This becomes more important in a critical scenario in which the protocol needs to move away from any of the underlying strategies, a change in the ratio will do exactly nothing. Regarding the instantly rebalancing, this is precisely what SafEth implements, and what my report proposes as a recommendation. It doesn't need to be enforced during every ratio change, but would allow correction with both proper access control given to protocol government, and also proper slippage control to minimize impact (again both concerns highlighted in the report). Note that SafEth compounds itself internally, and only Votium rewards are compounded into AfEth, but these rewards only represent a 20% APR of just the Votium TVL. And this is without considering a shift in price of ETH/CVX, which needs to be factored in since one strategy is essentially ETH/LSD and the other is CVX. |
It's also suspiciously curious that the same warden mentions, in this comment, that:
But in his own issue, which interestingly is also based on the unbalanced ratio, says that:
It appears that the facts differ when he discusses his own issues compared to when he attempts to criticize others. |
Let me first address the personal attacks.
I have already addressed the error in what you have explicitly stated are changes to my arguments. However else you think my comments uses different arguments are due to their being individually incomplete, inadequately expressed, or simply due to the fact the they each are written in response to a specific comment.
"Not necessarily inappropriately slow" does not contradict "quite slow". I never claimed it is too slow, in the sense that it has an impact. On to the issue itself. |
Not at all, quite the opposite. I'm raising, with links, cites and evidence, a clear inconsistent attitude that I consider disrespectful towards the work I do. |
I will make my final decision on this shortly, but I would like to point out that the post-judging QA is over and my decision will be final. |
I'm going to reiterate my understanding of the analysis section, I actually don't think any information which is worthy of being included in this section automatically invalidates any related issues. It makes sense to me that there would be overlap. Ideally architectural/design decisions are highlighted but the impact of those decisions can be brought to light in the form of formal issues too. In this instance, the implementation of the ratio mechanism with respect to rebalancing between For these reasons, I would still like to keep this issue as medium severity because I think this mechanism is ultimately flawed and can be realistically improved. My decision is final on this. |
This previously downgraded issue has been upgraded by 0xleastwood |
0xleastwood marked the issue as selected for report |
@0xleastwood I understand your decision is final, and I can agree with your reasoning. But you are missing an important point. But since you do grade this issue as Medium, then my report on this issue in #71, which reports all of the facts provided here (and a little more), should be upgraded to a duplicate of this issue. |
Noted, but my decision remains unchanged and I will not be upgrading a section of your analysis report because it doesn't dive into the impact nor does it provide any remediation to the issue at hand. |
It is not a requirement for validity that the report contain a recommended mitigation, it is only encouraged. @0xleastwood, could you please clarify what you consider to be the stated impact in #55 and what part of that impact is not mentioned in #71. |
Lines of code
https://github.com/code-423n4/2023-09-asymmetry/blob/main/contracts/AfEth.sol#L90-L92
Vulnerability details
Summary
The AfEth ratio between the collaterals can be modified but there is no direct way to balance the assets to follow the new ratio.
Impact
The AfEth contract contains a configurable parameter
ratio
that indicates the intended balance between the two collaterals, SafEth and the Votium strategy. For example, a value of3e17
means that 30% of the TVL should go to SafEth, and 70% should go to Votium.This ratio is followed when new deposits are made. The deposited ETH is splitted according to the ratio and channeled in proportion to each collateral. The ratio is also checked when rewards are deposited to direct them to the proper collateral.
The ratio can also be modified by the admins of the protocol using the
setRatio()
function.https://github.com/code-423n4/2023-09-asymmetry/blob/main/contracts/AfEth.sol#L90-L92
However, there is no way to balance the assets once a new ratio is defined. The implementation will need to rely on new deposits and reward compounding to slowly correct the offset, which may take a lot of time and may be impractical for most cases.
Proof of Concept
Let's assume the protocol is deployed with a ratio of
3e17
.5e17
.Recommendation
Similar to how it is done in SafEth, the AfEth contract could have a rebalancing function which withdraws the proper amount from one collateral and deposits it in the other collateral, in order to correct the offset and target the new configured ratio. This function should be admin controlled, and support slippage control to correctly handle potentially large amounts of swaps.
An alternative could be to also correct a potential deviation in the ratio using new deposits. This could help speed up the correction by not only relying on rewards, but will also endure a delay in the convergence.
Assessed type
Other
The text was updated successfully, but these errors were encountered: