Dust can't be withdrawn

[code423n4]

Handle

GiveMeTestEther

Vulnerability details

Impact

Because of rounding errors with the ration etc, there will be some "dust" of tokens in a basket that can't be withdrawn when burning the basket tokens (also switching to new tokens in settleAuction will leave some dust). Therefore some tokens will be locked forever.

Proof of Concept

https://github.com/code-423n4/2021-12-defiprotocol/blob/205d3766044171e325df6a8bf2e79b37856eece1/contracts/contracts/Basket.sol#L281

Tools Used

Manual Analysis

Recommended Mitigation Steps

• implement a function to withdraw the balance of a token that the basket has of a token to the publisher after the basket has reached its end-of-life (totalSupply() = 0) or switching to new tokens in settleAuction

[itsmetechjay]

Withdrawn by warden. Per GiveMeTestEther, "I submitted the same bug twice, could you please delete the first submission from me."