code-423n4 / 2023-08-reserve-mitigation-findings


H-02 MitigationConfirmed #8

Open code423n4 opened 1 year ago

code423n4 commented 1 year ago

Lines of code

Vulnerability details

Comments

According to the sponsor comments under the issue https://github.com/code-423n4/2023-06-reserve-findings/issues/2, there is not a perfect idea to avoid this issue completely without significant code changes.

The migration adds a resetStakes() function which can only be called by governance. The idea is that the stRSR is also the votes of the governance. So stakers can mostly withdraw, and since governance thresholds are all percentages, vote to immolate themselves and re-start the staking pool.

The function permission check is correct for requireGovernanceOnly(), and the stakeRate is also checked correctly:

        require(
            stakeRate <= MIN_SAFE_STAKE_RATE || stakeRate >= MAX_SAFE_STAKE_RATE,
            "rate still safe"
        );

c4-judge commented 1 year ago

0xean marked the issue as satisfactory