Vulnerability details
This issue is mitigated.
Explanation of found problem
The purpose of the StRSR contract is to collect RSR tokens, which earn revenue but can be seized by the BackingManager. The StRSR contract operates with eras: there are stake eras and draft eras. When RSR is seized, stakeRate and draftRate change. The StRSR contract has a mechanism that starts a new era and/or a new draft era if either rate goes out of range, which is 1e9. The assumption is that when a rate becomes that large, almost the entire amount has been seized. The warden found that when a rate reaches that level there may still be a lot of funds in the contract, because the rate may have been increased by more than one seizure. As a result, users can lose funds.
How it was fixed
The Reserve team created an additional function that can be called by governance. Stakers can use it after a seizure to start a new era earlier. Because it is a governance function, users have to vote to do so. Calling it starts a new stake era and a new draft era. As a result, if a seizure occurs that is less than 1e9 but almost all funds were seized, users can vote to start a new era and so avoid the risk of the problem described in the report.