Mitigation of M-07: Issue not mitigated

[code423n4]

MITIGATION IS NOT CONFIRMED

MITIGATION IS NOT CONFIRMED

Mitigation of M-07: Issue not mitigated

Link to Issue: https://github.com/code-423n4/2023-03-asymmetry-findings/issues/765

Comments

While the principal issue for M-07 described a de-peg scenario, which eventually was interpreted as a "black swan" event, I do think the issue is still valid for the reasons described below.

Technical Details

Even though the issue is being taken as a critical de-peg scenario, there are at least two different scenarios that are relevant to it:

1. A de-peg of one of the derivatives doesn't imply a "black swan" event and also doesn't imply a de-peg of other derivatives. For example frxETH can fail because of a protocol issue or a problem in their algorithmic model.

2. The issue is still relevant during normal calls to rebalanceToWeights() as the implementation is too inefficient. This is described in a duplicated issue here https://github.com/code-423n4/2023-03-asymmetry-findings/issues/589 (disclaimer: this is my submission but there are others duplicated which point the same). This is even mentioned by the judge in the following comment: https://github.com/code-423n4/2023-03-asymmetry-findings/issues/765#issuecomment-1514766697

Note that even without black swan event, calling rebalanceToWeights would likely lead to a significant loss due to the current ineffective implementation. But there is no specific need to call this action unless the owner or the DAO wants to force the rebalancing.

Given these reasons, I think the issue is relevant and should be mitigated.

Recommendation

There are multiple recommendations throughout all the set of duplicated issues, but the general guidelines point towards using a more efficient implementation that considers:

• Rebalance on deltas instead of swapping full amounts.
• Do partial re-weights (i.e. 10% of TVL).
• Use pools to directly swap one derivative for the other.

[toshiSat]

Valid, we plan on fixing this, but moreso for V2