Open code423n4 opened 1 year ago
I believe the sponsor is aware that there is no perfect solution here and certainly welcome their comments. @c4-sponsor
0xean marked the issue as satisfactory
IMO, I think this kind of risk is acceptable. It's by design.
tbrent marked the issue as sponsor acknowledged
tbrent marked the issue as disagree with severity
We are aware there is no perfect solution here and do not see a better way to do it. Appreciation means there is no way to prevent the system from eventually reaching a "too high" state, whether that "too high" is a hard limit or a soft limit. We think this is likely QA.
0xean changed the severity to QA (Quality Assurance)
0xean marked the issue as grade-a
Lines of code
https://github.com/reserve-protocol/protocol/blob/99d9db72e04db29f8e80e50a78b16a0b475d79f3/contracts/p1/StRSR.sol#L490-L500
Vulnerability details
In case the protocol is in a situation where the remaining value is borderline worth resetting, we might enter a state where for a long time users won't stake in fear that a reset might be executed. This will keep going on till either a reset is executed or enough is staked to exit the borderline situation.
Assessed type
Other