Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
code423n4Code4renaCODE423N4:2023-02-ETHOS-FINDINGS-ISSUES-837
HistoryMar 07, 2023 - 12:00 a.m.

Redemption fee increase can be thwarted

2023-03-0700:00:00
Code4rena
github.com
3
redemption fee
arbitrageur
price floor
volatility
trovemanager
lusd supply
fee increase
protocol growth
gas fees
JSON

Lines of code

Vulnerability details

Impact

The mechanism to increase the baseRate during redemptions is moot, up to gas fees. Therefore an arbitrageur can redeem more than what is healthy for the supply of LUSD. This weakens the price floor at $1, and may cause needless volatility. It further implies that an excess of troves may be closed, and impedes the growth of the protocol.

Proof of Concept

The redemption fee is increased based on the fraction of redeemed LUSD to total supply. This is to disincentivize redemption beyond which reduces the supply more than the current price is too low, as per QTM. For example, if LUSD trades at $0.99 then exactly 1% of the total supply should ideally be redeemed. The fee is greater the greater the fraction of the total supply is redeemed, with the intention that an arbitrageur profits maximally when redeeming just the right amount, but not when redeeming more than this.
However, this assumes that the redemption is performed in whole. The baseRate increases by half of the fraction of total supply redeemed in a redemption: (TroveManager.sol#L1408-L1411)

uint redeemedLUSDFraction = 
LiquityMath._getScaledCollAmount(_collateralDrawn, _collDecimals).mul(_price).div(_totalLUSDSupply);

uint newBaseRate = decayedBaseRate.add(redeemedLUSDFraction.div(BETA));

The increased fee rate makes it unprofitable to redeem more than a certain amount. But nothing prevents an arbitrageur from splitting that greater amount into several smaller redemptions, whereby each constitutes only a small fraction of the total supply whence baseRate increases only very little. By splitting the amount into ever smaller parts the accumulated increase in baseRate can be made arbitrarily small (only limited by gas fee considerations), thereby bypassing the fee increase.

Recommended Mitigation Steps

The increase in baseRate should not be determined by the fraction of total supply redeemed, but should be independent of the amount redeemed such that it doesn’t matter how the redemptions are partitioned.

The text was updated successfully, but these errors were encountered:

All reactions

JSON