code-423n4 / 2022-05-sturdy-findings

Upgraded Q -> H from 69 [1654495749150] #169

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Judge has assessed an item in Issue #69 as High risk. The relevant finding follows:

HickupHH3 commented 2 years ago
  1. Slippage of 1% is too strict. The GeneralVault assumes that st tokens are always 1:1 redeemable and therefore the slippage should be negligible. This currently is not the case, specifically for LIDO where the depegging is >4%.
HickupHH3 commented 2 years ago

Duplicate of #133

I'm being lenient here as one might argue that the critical step of linking the slippage check of GeneralVault to causing stuck user fund withdrawals was not made. It just happens to be that the LIDO vault was an exception, where users can withdraw directly in stETH, as the warden has reasoned, so I will give the warden the benefit of the doubt this time.