search

code-423n4 / 2023-10-asymmetry-mitigation-findings

0 stars 0 forks source link

M-04 MitigationConfirmed #37

Open c4-submissions opened 1 year ago

c4-submissions commented 1 year ago

Lines of code

Vulnerability details

Mitigation of M-04: Issue mitigated

Link to Issue: https://github.com/code-423n4/2023-09-asymmetry-findings/issues/49

Comments

The updated algorithm now first checks if the current available CVX is enough, before looping through the locked balances in Convex.

81:         uint256 totalLockedBalancePlusUnlockable = unlockable +
82:             trackedCvxBalance;
83: 
84:         if (totalLockedBalancePlusUnlockable >= cvxUnlockObligations) {
85:             withdrawIdToWithdrawRequestInfo[
86:                 latestWithdrawId
87:             ] = WithdrawRequestInfo({
88:                 cvxOwed: cvxAmount,
89:                 withdrawn: false,
90:                 epoch: currentEpoch + 1,
91:                 owner: msg.sender
92:             });
93:             emit WithdrawRequest(msg.sender, cvxAmount, latestWithdrawId);
94: 
95:             return latestWithdrawId;
96:         }

Note that the withdrawals are still delayed until the next epoch. This may not always imply a significant delay in the withdrawal, as the withdrawal can be executed near the end of the epoch, which will only delay things for the rest of the period. This issue is explored in detail in [ADRIRO-NEW-H-01] (VotiumStrategy withdrawal can still be executed with minimal delay).

c4-judge commented 1 year ago

0xleastwood marked the issue as confirmed for report

c4-judge commented 1 year ago

0xleastwood marked the issue as satisfactory