Link to Issue: code-423n4/2023-09-asymmetry-findings#62
The sponsor has provided a detailed response in the following comment: code-423n4/2023-09-asymmetry-findings#62 (comment)
In summary their analysis is:
As the sponsor comments:
> Based on this analysis we think a 2% chainlink variance is an acceptable risk, even when the ratios are far apart.
However, the accepted risk is also justified by the introduction of a minimum delay in the withdrawal process:
> in another pull request we set a minimum withdraw time of 1 epoch so its impossible to instantly withdraw even if there are unlockable funds in the contract.
Given the error with the withdrawal delay in VotiumStrategy, detailed in issue [ADRIRO-NEW-H-01] (VotiumStrategy withdrawal can still be executed with minimal delay), which still offers the possibility of depositing into the protocol with minimal exposure to CVX, the attack is still feasible and can be performed under the right circumstances. The assessment is that the issue is still present and it has not been mitigated.
Other
The text was updated successfully, but these errors were encountered:
All reactions