code-423n4 / 2023-08-reserve-mitigation-findings


M-07 MitigationConfirmed #14

Open code423n4 opened 1 year ago

code423n4 commented 1 year ago

Lines of code

Vulnerability details

This issue is mitigated.

Explanation of found problem

The purpose of RevenueTrader is to trade revenue tokens into buyToken. If rToken is going to be sold, the function calls melt, which burns some amount of RToken, which increases the rate and price. But this will be called only if the registry was not refreshed in the same block. As a result, anyone could frontrun the manageToken function with a call to assetRegistry.refresh in order to prevent the rToken melt and make sellPrice lower.

Actually, I don't think that this move will be reflected in the oracle, because, as you know, oracles like Chainlink have a deviation, which means that the price will be updated only when it changes by some percentage. Even if melting changes the price by that deviation, which is unlikely, this price will not be updated in the oracle at the moment of the trade.

How it was fixed

The Reserve team has changed the manageToken function to manageTokens, and it processes several tokens at the same time. If any of the tokens is rToken, then melting will be done, no matter whether the asset registry was refreshed or not.
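
Added example, not part of the original comment and not Reserve protocol code: a small Python model of the melt gating described above, usable as a regression check that the mitigated path melts even when the registry was already refreshed in the same block. All class, field and function names (`Chain`, `last_refresh`, `manage_token_before`, `manage_tokens_after`, `run`) are hypothetical, and the model only tracks whether melt ran, not prices.

```python
"""Constructed model of the M-07 melt gating; not the protocol's own code."""
from dataclasses import dataclass


@dataclass
class Chain:
    block: int = 1  # current block number (constructed value)


@dataclass
class AssetRegistry:
    chain: Chain
    last_refresh: int = 0  # block of the most recent refresh()

    def refresh(self) -> None:
        self.last_refresh = self.chain.block


@dataclass
class Furnace:
    melts: int = 0  # how many times melt() actually ran

    def melt(self) -> None:
        self.melts += 1


def manage_token_before(chain, registry, furnace, token: str) -> None:
    # Pre-fix behaviour as the report describes it: melt only runs when
    # the registry has not yet been refreshed in the current block.
    if token == "rToken" and registry.last_refresh != chain.block:
        registry.refresh()
        furnace.melt()


def manage_tokens_after(chain, registry, furnace, tokens: list) -> None:
    # Post-fix behaviour as the report describes it: melt whenever rToken
    # is among the tokens, regardless of the registry's refresh state.
    if "rToken" in tokens:
        furnace.melt()


def run(fixed: bool, refreshed_first: bool) -> int:
    """Return how many melts happened in one block for the given scenario."""
    chain = Chain()
    registry, furnace = AssetRegistry(chain), Furnace()
    if refreshed_first:
        registry.refresh()  # a third party refreshes earlier in the block
    if fixed:
        manage_tokens_after(chain, registry, furnace, ["USDC", "rToken"])
    else:
        manage_token_before(chain, registry, furnace, "rToken")
    return furnace.melts
```
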

c4-judge commented 1 year ago

0xean marked the issue as satisfactory