c4-sponsor
commented
1 year ago tbrent marked the issue as sponsor confirmed
Open code423n4 opened 1 year ago
c4-sponsor
commented
1 year ago tbrent marked the issue as sponsor confirmed
tbrent
commented
1 year ago Anticipating adding a try-catch at the start of setDistribution() targeting RevenueTrader.distributeTokenToBuy()
rvierdiiev
commented
1 year ago i have described same thing here, but marked as mitigated
c4-judge
commented
1 year ago 0xean marked the issue as satisfactory
c4-judge
commented
1 year ago 0xean marked the issue as primary issue
c4-judge
commented
1 year ago 0xean marked the issue as selected for report
pmckelvy1
commented
10 months ago Anticipating adding a try-catch at the start of
setDistribution()targetingRevenueTrader.distributeTokenToBuy()
added here: https://github.com/reserve-protocol/protocol/blob/3.1.0/contracts/p1/Distributor.sol#L59
Lines of code
https://github.com/reserve-protocol/protocol/blob/99d9db72e04db29f8e80e50a78b16a0b475d79f3/contracts/p1/Distributor.sol#L59-L63
Vulnerability details
Mitigation does solve the issue, however there’s a wider issue here that funds aren’t distributed before set distribution is executed. Fully mitigating the issue might not be possible, as it’d require to send from the backing manager to revenue trader and sell all assets for the
tokenToBuy. But we can at least distribute the current balance before changing the distribution.Assessed type
Other