Issue was that when oracle timeouts the protocol might use 0 as the minimum price for selling RSR.
Protocol switched to using lotPrice() which will decay over time, which better suits the situation (the more time passes the less we can be confident the price remained the same, and therefore it's justified to sell for zero after a week).
Lines of code
Vulnerability details
Issue was that when oracle timeouts the protocol might use 0 as the minimum price for selling RSR. Protocol switched to using
lotPrice()
which will decay over time, which better suits the situation (the more time passes the less we can be confident the price remained the same, and therefore it's justified to sell for zero after a week).