code-423n4 / 2023-08-reserve-mitigation-findings


M-06 MitigationConfirmed #13

Open code423n4 opened 1 year ago

code423n4 commented 1 year ago

Lines of code

Vulnerability details

This issue is mitigated.

Explanation of found problem

In case the RSR token should be used for trading, its prices are fetched using the price function. This function will return a low price of 0 if the oracle is not available. Because of that, all this RSR can be sold for 0 amount in the auction.

How it was fixed

As proposed by the warden, the Reserve team doesn't use the price function to fetch the RSR price, but uses lotPrice only. This will make use of previously stored prices in case of oracle timeout, which will not allow RSR to be sold for 0 amount.
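The difference between the two price paths described in the comment above, as an added example that is not part of the original report and is not Reserve's code. It is a simplified Python model: `Asset`, `price_low`, `lot_price_low`, `min_buy_amount`, the sample feed and the rule that the auction floor is sell amount times low price are all assumptions made for illustration.

```python
from dataclasses import dataclass
from decimal import Decimal
from typing import Callable

class OracleUnavailable(Exception):
    """Raised by the constructed feed when the oracle has timed out."""

@dataclass
class Asset:
    feed: Callable[[], Decimal]          # returns the current low price
    saved_low: Decimal = Decimal(0)      # last low price seen while the oracle worked

    def refresh(self) -> None:
        try:
            self.saved_low = self.feed()
        except OracleUnavailable:
            pass                          # keep the previously stored price

    def price_low(self) -> Decimal:
        """Pre-fix path: low price degrades to 0 when the oracle is unavailable."""
        try:
            return self.feed()
        except OracleUnavailable:
            return Decimal(0)

    def lot_price_low(self) -> Decimal:
        """Post-fix path: fall back to the previously stored price."""
        try:
            return self.feed()
        except OracleUnavailable:
            return self.saved_low

def min_buy_amount(sell_amount: Decimal, sell_low: Decimal) -> Decimal:
    """Assumed auction floor: the least the seller accepts for sell_amount."""
    return sell_amount * sell_low

def simulate_outage():
    oracle = {"up": True}
    def feed() -> Decimal:               # constructed sample feed
        if not oracle["up"]:
            raise OracleUnavailable()
        return Decimal("0.004")
    rsr = Asset(feed)
    rsr.refresh()                        # price stored while the oracle is healthy
    oracle["up"] = False                 # oracle times out before the auction
    lot = Decimal(1_000_000)
    return min_buy_amount(lot, rsr.price_low()), min_buy_amount(lot, rsr.lot_price_low())
```

`simulate_outage()` returns the auction floor for the same lot under each path: zero with the live-only price, and a non-zero floor once the stored price is used as the fallback.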

c4-judge commented 1 year ago

0xean marked the issue as satisfactory

c4-judge commented 1 year ago

0xean marked the issue as confirmed for report