Collaterals that become nonfunctional during an auction can DoS an RToken's rebalancing capabilities #33
Labels
bug
Something isn't working
downgraded by judge
Judge downgraded the risk level of this issue
grade-a
primary issue
Highest quality submission among a set of duplicates
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
🤖_60_group
AI based duplicate group recommendation
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
sufficient quality report
This report is of sufficient quality
Lines of code
https://github.com/code-423n4/2024-07-reserve/blob/3f133997e186465f4904553b0f8e86ecb7bbacbf/contracts/p1/BackingManager.sol#L120
Vulnerability details
RToken contracts, and in particular AssetRegistry and BasketManager are robust to weird behaviors of collaterals such as reverting on regular ERC20 operations, in the sense that at any point in time it is possible to remove a collateral from the basket without ever calling it.
The same level of protection is however not achieved when a collateral becomes unresponsive after it's been auctioned for recollateralization.
BackingManager.rebalance
operations calls can only happen when there are no trades open:and the only place that brings a non-zero
tradesOpen
back to 0 isTrading.settleTrade
, which in turn requires the tradeDutchTrade
orGnosisTrade
to successfully settle.If an auctioned (sell) or the raised (buy) token reverts on
balanceOf
ortransfer
calls, bothDutchTrade
andGnosisTrade
will revert onsettle
calls, making it impossible to bringtradesOpen
back to0
, therefore preventingBackingManager
from resuming normal operation:Impact
Tokens that become nonfunctional, for example after a failed upgrade, while being auctioned or raised by BackingManager, will permanently DoS its recollateralization capabilities.
Tools Used
Code review, Foundry
Recommended Mitigation Steps
Consider adding a governance action allowing BackingManager to force-settle (essentially writing off) token sales that can't be normally settled.
Assessed type
DoS
The text was updated successfully, but these errors were encountered: