c4-judge
commented
10 months ago fatherGoose1 marked the issue as duplicate of #198
Closed c4-judge closed 10 months ago
c4-judge
commented
10 months ago fatherGoose1 marked the issue as duplicate of #198
c4-judge
commented
10 months ago fatherGoose1 marked the issue as satisfactory
Judge has assessed an item in Issue #583 as 2 risk. The relevant finding follows:
Setting StakedUSDeV2’s cooldownDuration variable from non-zero to zero should remove any existing cooldowns If the admin calls StakedUSDeV2#setCooldownDuration to set cooldownDuration to 0, users that have recently called either cooldownAssets or cooldownShares will still have to wait for the remainder of the previous cooldown duration to access their assets (USDe). This provides a poor user experience and is likely unintended.
A simple fix is to alter unstake to allow withdrawals from the silo whenever cooldownDuration is equal to 0.
function unstake(address receiver) external { UserCooldown storage userCooldown = cooldowns[msg.sender]; uint256 assets = userCooldown.underlyingAmount;
if (block.timestamp >= userCooldown.cooldownEnd || cooldownDuration == 0) { userCooldown.cooldownEnd = 0; userCooldown.underlyingAmount = 0;
silo.withdraw(receiver, assets); } else { revert InvalidCooldown(); } } https://github.com/code-423n4/2023-10-ethena/blob/main/contracts/StakedUSDeV2.sol#L78-L90