In general Troves can only be accrued by their owners during state-changing operations
for (uint i = 0; i < _iterations.length; i++) {
RedeemIteration memory iteration = _iterations[i];
checkValidRedemptionHint(vars.priceCache, iteration.trove);
troveManager.applyPendingRewards(iteration.trove, vars.priceCache); /// @audit The Hint may be wrong NOW, the CR may be underwater now
SingleRedemptionVariables memory troveRedemption = _calculateTroveRedemption( /// TODO: KEY
vars.priceCache,
iteration.trove,
_stableCoinAmount - vars.totalRedeemedStable,
false // without pending rewards, because they got applied above
);
// resulting CR differs from the expected CR, we bail in that case, because all following iterations will consume too much gas by searching for a updated hints
// allowing 1% deviation, because of time based borrowing interests
if (troveRedemption.resultingCR > iteration.expectedCR) {
if ((troveRedemption.resultingCR * DECIMAL_PRECISION) / iteration.expectedCR > 1.01e18) break; /// @audit Risk of overflow
} else {
if ((iteration.expectedCR * DECIMAL_PRECISION) / troveRedemption.resultingCR > 1.01e18) break;
}
However, the riskiest trove can be made to accrue by redeeming a very small amount of debt (e.g. 1 wei)
Mitigation
Either document this risk, or enforce a minimum redemption size
sambP
commented
2 months ago
Impact
Apollon charges simple interest on Trove Accrual
In general Troves can only be accrued by their owners during state-changing operations
However, the riskiest trove can be made to accrue by redeeming a very small amount of debt (e.g. 1 wei)
Mitigation
Either document this risk, or enforce a minimum redemption size