3 matches found
Depositors are at mercy of admins to get their funds back
Handle cmichel Vulnerability details When depositors want their funds back and there are not enough funds in the vault or the strategy, the aUST in the BaseStrategy needs to be redeemed. This redemption process is asynchronous due to the nature of EthAnchor and requires an admin to redeem the aUS...
[WP-H9] Centralization Risk: Funds can be frozen when critical key holders lose access to their keys
Handle WatchPug Vulnerability details The current implementation requires trusted key holders isTrustedmsg.sender to send transactions initRedeemStable to initialize withdrawals from EthAnchor before the users can withdraw funds from the contract. This introduces a high centralization risk, which...
[WP-H0] Late users will take more losses than expected when the underlying contract (EthAnchor) suffers investment losses
Handle WatchPug Vulnerability details Even though it's unlikely in practice, but in theory, the underlying contract EthAnchor may suffer investment losses and causing decreasing of the PPS of AUST token. There are codes that considered this situation in the codebase. eg. handling of depositShares...