Closed c4-bot-1 closed 8 months ago
0xSorryNotSorry marked the issue as sufficient quality report
0xSorryNotSorry marked the issue as primary issue
Acknowledging this and suggest we decrease to Low, there won't be any mitigation as governance is expected to propose parameter updates regularly (such as SGM mint and reward ratio, veto for quorums, etc) as the protocol lives and creditMultiplier changes or more GUILD enters circulation.
eswak marked the issue as disagree with severity
eswak (sponsor) acknowledged
Trumpero changed the severity to QA (Quality Assurance)
Trumpero marked the issue as grade-a
Trumpero marked the issue as grade-c
Lines of code
https://github.com/code-423n4/2023-12-ethereumcreditguild/blob/2376d9af792584e3d15ec9c32578daa33bb56b43/src/loan/SurplusGuildMinter.sol#L24
Vulnerability details
Impact
Credit multiplier changes are not reflected by the effective cost of Guild voting power in the SurplusGuildMinter. This disincentivizes long term staking and reduces the inherent value of Guild.
Proof of Concept
Unlike other contracts in the system, SurplusGuildMinter doesn't reference the Credit multiplier to value Credit as used with the protocol. Instead, it simply uses the mintRatio to define an amount of Guild voting power to receive per Credit staked.
The result is that the same amount of Guild voting power can be achieved with a decreasing amount of underlying peg token over time as the multiplier decreases.
The value of Guild is based upon its voting power. Since it costs less underlying tokens to get the same amount of Guild voting power over time, the inherent value of Guild decreases as the Credit multiplier decreases.
Tools Used
Recommended Mitigation Steps
Reference the Credit multiplier in computing the amount of Guild voting power to receive when staking a given amount of Credit.
Assessed type
Other