code423n4 commented 2 years ago

Handle

GiveMeTestEther

Vulnerability details

Impact

Because of rounding errors with the ration etc, there will be some "dust" of tokens in a basket that can't be withdrawn when burning the basket tokens (also switching to new tokens in settleAuction will leave some dust). Therefore some tokens will be locked forever.

Proof of Concept

https://github.com/code-423n4/2021-12-defiprotocol/blob/205d3766044171e325df6a8bf2e79b37856eece1/contracts/contracts/Basket.sol#L281

Tools Used

Manual Analysis

Recommended Mitigation Steps

implement a function to withdraw the balance of a token that the basket has of a token to the publisher after the basket has reached its end-of-life (totalSupply() = 0) or switching to new tokens in settleAuction

frank-beard commented 2 years ago

in the case of a basket being decomissioned dust can be withdrawn through a rebalance from the publisher.

0xleastwood commented 2 years ago

As the sponsor has stated, this would be recoverable as the publisher can influence the ibRatio such that they are able to withdraw the dust balance.

code-423n4 / 2021-12-defiprotocol-findings

Dust can't be withdrawn #174

Handle

Vulnerability details

Vulnerability details

Impact

Proof of Concept

Tools Used

Recommended Mitigation Steps