code-423n4 / 2022-01-sandclock-findings


Depositors are at mercy of admins to get their funds back #136

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Handle

cmichel

Vulnerability details

When depositors want their funds back and there are not enough funds in the vault or the strategy, the aUST in the BaseStrategy needs to be redeemed. This redemption process is asynchronous due to the nature of EthAnchor and requires an admin to redeem the aUST back to UST. It can only be started by the restricted initRedeemStable function.

Impact

If the admins don't redeem the aUST, users cannot get back their investment and lose funds.

Recommended Mitigation Steps

The users should not have to rely on admins to get their funds back.
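To make the trust assumption in this finding concrete, below is an added Solidity sketch that is not Sandclock's code. It places an admin-gated redemption trigger beside a variant where, once the strategy's liquid UST cannot cover queued withdrawals, any depositor may start the aUST redemption for the shortfall. Only the function name initRedeemStable and the aUST/UST/EthAnchor terms come from the finding; the contract names, the `IEthAnchorRouter` and `IExchangeRate` interfaces, the `redeemStable` call shape, the 1e18-scaled exchange rate and the simplified `pendingWithdrawals` accounting are all assumptions for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical minimal interfaces; the real EthAnchor router and rate-feed APIs are not on the page.
interface IEthAnchorRouter {
    function redeemStable(uint256 aUstAmount) external returns (address operation);
}

interface IExchangeRate {
    // Assumed: UST value of 1e18 aUST, scaled by 1e18.
    function aUstExchangeRate() external view returns (uint256);
}

interface IERC20 {
    function balanceOf(address) external view returns (uint256);
    function approve(address, uint256) external returns (bool);
}

// Pattern described in the finding: only the admin can start the asynchronous
// aUST -> UST redemption, so withdrawals stall whenever the vault is short of UST
// and the admin does not act.
contract AdminGatedStrategy {
    address public admin;
    IEthAnchorRouter public router;
    IERC20 public aUST;

    modifier onlyAdmin() { require(msg.sender == admin, "not admin"); _; }

    constructor(IEthAnchorRouter _router, IERC20 _aUST) {
        admin = msg.sender;
        router = _router;
        aUST = _aUST;
    }

    function initRedeemStable(uint256 aUstAmount) external onlyAdmin returns (address) {
        aUST.approve(address(router), aUstAmount);
        return router.redeemStable(aUstAmount);
    }
}

// Mitigated pattern (assumed design): the admin may still redeem freely, but once the
// strategy's liquid UST is below what depositors are owed, anyone may trigger a
// redemption sized to the shortfall. Depositors no longer depend on admin liveness.
contract PermissionlessRedeemStrategy {
    address public admin;
    IEthAnchorRouter public router;
    IExchangeRate public rateFeed;
    IERC20 public aUST;
    IERC20 public UST;
    uint256 public pendingWithdrawals; // UST owed to depositors (simplified accounting)

    constructor(IEthAnchorRouter _router, IExchangeRate _rateFeed, IERC20 _aUST, IERC20 _UST) {
        admin = msg.sender;
        router = _router;
        rateFeed = _rateFeed;
        aUST = _aUST;
        UST = _UST;
    }

    // Simplified: real vaults derive this from share accounting; here a depositor just
    // records how much UST they are waiting on.
    function requestWithdrawal(uint256 ustAmount) external {
        pendingWithdrawals += ustAmount;
    }

    // UST shortfall the strategy currently cannot pay out from its liquid balance.
    function shortfall() public view returns (uint256) {
        uint256 liquid = UST.balanceOf(address(this));
        return pendingWithdrawals > liquid ? pendingWithdrawals - liquid : 0;
    }

    // Amount of aUST that must be redeemed to cover a given UST amount (rounded up).
    function aUstForUst(uint256 ustAmount) public view returns (uint256) {
        uint256 rate = rateFeed.aUstExchangeRate();
        require(rate > 0, "bad rate");
        return (ustAmount * 1e18 + rate - 1) / rate;
    }

    function initRedeemStable(uint256 aUstAmount) external returns (address) {
        if (msg.sender != admin) {
            uint256 missing = shortfall();
            require(missing > 0, "no shortfall");
            // Non-admins may only redeem enough to cover the shortfall, so the
            // permissionless path cannot be used to drain the yield position.
            require(aUstAmount <= aUstForUst(missing), "amount exceeds shortfall");
        }
        aUST.approve(address(router), aUstAmount);
        return router.redeemStable(aUstAmount);
    }
}
```

The design choice worth noting is the cap in the non-admin branch: opening initRedeemStable to everyone without bounding the amount would let any caller unwind the whole aUST position, so the permissionless path is limited to exactly what depositors are owed, while the admin keeps the unrestricted call.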

naps62 commented 2 years ago

duplicate of #126

dmvt commented 2 years ago

duplicate of #76