`wfCash` tokens can be locked in Set

[code423n4]

Lines of code

https://github.com/code-423n4/2022-06-notional-coop/blob/6f8c325f604e2576e2fe257b6b57892ca181509a/index-coop-notional-trade-module/contracts/protocol/modules/v1/NotionalTradeModule.sol#L318

Vulnerability details

Impact

The automatic redemption of matured wfCash tokens within the NotionalTradeModule.moduleRedeemHook hook can cause wfCash tokens to be locked within the Set and prevent investors to redeem.

The NotionalTradeModule.moduleRedeemHook hook is always called before Set tokens are redeemed. Within this hook, NotionalTradeModule._redeemMaturedPositions is called which loops over all Set components and tries to redeem matured wfCash components.

If a single matured wfCash component reverts on redemption, the redemption attempt by the caller reverts.

Proof of Concept

NotionalTradeModule.sol#L318

Given a Set with the following wfCash components:

Components (and maturity)
wfDAI @ Jan-01-2022
wfUSDC @ May-01-2022

1. Isabel (investor) issues 1e8 Set tokens by supplying the required amount of wfDAI and wfUSDC tokens and in return, receives 1e8 Set tokens (the price of Set tokens could be different, just for demonstration purposes price is assumed to be 1:1).

2. Fast forward time to February 1st, 2022 -> wfDAI @ Jan-01-2022 matured

3. Isabel wants to redeem her 1e8 Set tokens

4. Internally, the NotionalTradeModule.moduleRedeemHook hook (called before redeeming) tries to redeem all matured wfCash components.

   But unfortunately, redeeming the matured wfDAI @ Jan-01-2022 Set component reverts (see below for potential reasons) within wfCashLogic._burn. Matured wfCash components can therefore not be redeemed within the for loop in NotionalTradeModule._redeemMaturedPositions. Each attempt to run NotionalTradeModule._redeemMaturedPositions fails.

5. Isabel's attempt to redeem reverts and she keeps her 1e8 Set tokens. She now has to wait for the Set manager to take action (e.g. a Set manager can remove a faulty wfCash Set component) to be able to redeem. She lost custody (either temporarily if Set manager takes action or forever) of her initially supplied wfCash tokens.

Reasons for Notional redemption reverting

• One of the wfCash Set components is faulty (e.g. USDC paused/blocked account,..)
• wfCash token being upgradable, future introduced issues with a wfCash token will cripple the whole Set of wfCash positions
• wfCash account settling reverts (NotionalV2.settleAccount(address(this));, wfCashLogic.sol#L221)
• wfCash withdrawal via Notional reverts due to internal issues

Tools Used

Manual review

Recommended mitigation steps

Do not call the _redeemMaturedPositions function within the NotionalTradeModule.moduleRedeemHook hook. Keep the matured wfCash Set components as is and let investors redeem the wfCash tokens directly. Received wfCash can then be redeemed by interacting directly with wfCash contract.

Or at least give investors the option to decide if matured wfCash components should be redeemed or the settled market assets (cDai, cUSDC,...).

[ckoopmann]

Duplicate of: https://github.com/code-423n4/2022-06-notional-coop-findings/issues/154

I labeled this one as a duplicate, even though it contains actual scenarios where this might arise, because I had already begun a discussion on the other issue. @Judges: Feel free to change the definition of which of these issues should be considered a duplicate.