Closed. c4-bot-9 closed this issue 10 months ago.
Quoting the submission: "the contract issues transferable ERC20 tokens, redeemable for the initially staked CREDIT."
Not correct.
In addition, the submission doesn't provide a demonstration of the issue.
0xSorryNotSorry marked the issue as insufficient quality report
Trumpero marked the issue as unsatisfactory: Insufficient quality
Lines of code
https://github.com/code-423n4/2023-12-ethereumcreditguild/blob/2376d9af792584e3d15ec9c32578daa33bb56b43/src/tokens/GuildToken.sol#L169
Vulnerability details
Overview of GUILD Token Transfer Mechanism
GUILD tokens can be transferred using a wrapper token contract. This contract accepts minted GUILD tokens when users stake their CREDIT through the stake function in SurplusGuildMinter.sol. In return, the contract issues transferable ERC20 tokens, redeemable for the initially staked CREDIT.
Wrapper Contract Functions and Incentives
The wrapper contract enables holders of its transferable token to veto proposals and de-list lending terms without taking on any risk. The cost of doing so is the cost of borrowing the necessary wrapped GUILD tokens from a lending market for a short time. While this cost may be minor, it is enough to encourage CREDIT holders who abstain from other governance activities to deposit their CREDIT for the yield earned by lending out the resulting transferable tokens. That yield is derived not only from malicious borrowers intending to disrupt the Ethereum Credit Guild (ECG) but also from legitimate users who value the convenience of temporarily borrowing wrapped GUILD to veto an actually harmful proposal.
Rationality and Vulnerability in Token Utilization
This vulnerability does not depend on the malice of CREDIT holders but on their rationality. They might wrap and lend their CREDIT to earn yield, knowing that their actions alone will not significantly change the ECG's exposure to denial of service (DoS) attacks, since they cannot control what other CREDIT holders do. This is the "tragedy of the commons": individuals act in their own interest, assuming they cannot stop others from doing the same, and so contribute to the collective problem inadvertently. The process remains attractive despite its emergent negative impact on ECG because of the yield each CREDIT holder can earn, which is what makes this a systemic vulnerability.
Rationale for high severity
Mass malicious off-boarding of all loan terms simultaneously could cause high price impact during the collateral liquidation auctions. This would hurt borrowers who are offline or do not have the capital available to repay their loan before it is liquidated by arbitrageurs. It would occur if ECG is sufficiently capitalised relative to the short-term liquidity available across all terms, and borrowers would lose some of their principal (collateral) to that price impact.
Importantly, liquidating all terms simultaneously can produce higher price impact than liquidating each term in isolation, because every term is bottlenecked by the liquidity available for the CREDIT token itself, even when the liquidity of each term's collateral is sufficient.
So even if each term's mint cap were configured not to exceed the spot-market liquidation capacity of that term's collateral over the liquidation period, liquidating all terms at once could still cause bad debt and high price impact, because CREDIT liquidity would not be sufficient to absorb the liquidation of all terms simultaneously.
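The liquidity-bottleneck argument in the severity rationale can be checked with a toy model. The following is an added example, not code from the submission or from the ECG code base: it assumes a single constant-product CREDIT/stablecoin pool is the only place auction bidders can source CREDIT, and it uses made-up reserves, term debts and an impact threshold. "Isolated" liquidation means each term is liquidated on its own with the pool arbitraged back to its starting state in between; "simultaneous" means bidders must buy the whole stack of CREDIT at once.

```python
"""Toy model of CREDIT price impact under isolated vs simultaneous liquidation.

Constructed example; reserves, debts and threshold are assumptions, not ECG parameters.
"""
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Pool:
    """Constant-product (x * y = k) pool holding CREDIT against a stablecoin."""
    credit: float   # CREDIT reserve
    stable: float   # stablecoin reserve

    def spot(self) -> float:
        """Spot price of CREDIT in stablecoin."""
        return self.stable / self.credit

    def cost_to_buy(self, credit_out: float) -> float:
        """Stablecoin a bidder must pay to pull credit_out CREDIT from the pool."""
        if credit_out <= 0:
            return 0.0
        if credit_out >= self.credit:
            raise ValueError("more CREDIT requested than the pool holds")
        k = self.credit * self.stable
        return k / (self.credit - credit_out) - self.stable


def price_impact(pool: Pool, credit_out: float) -> float:
    """Premium over spot paid per CREDIT when buying credit_out in one go."""
    if credit_out <= 0:
        return 0.0
    effective = pool.cost_to_buy(credit_out) / credit_out
    return effective / pool.spot() - 1.0


def isolated_impacts(pool: Pool, debts: List[float]) -> List[float]:
    """Impact per term if terms are liquidated one at a time, pool re-arbitraged between them."""
    return [price_impact(pool, d) for d in debts]


def simultaneous_impact(pool: Pool, debts: List[float]) -> float:
    """Impact if every term's CREDIT debt must be bought from the pool at once."""
    return price_impact(pool, sum(debts))


def check_caps(pool: Pool, debts: List[float], max_impact: float) -> Dict[str, bool]:
    """Per-term caps can each pass an impact threshold while the combined liquidation fails it.

    This is the case the report describes: per-term limits sized against collateral
    liquidity do not bound the impact on CREDIT itself when all terms go at once.
    """
    return {
        "each_term_ok": all(i <= max_impact for i in isolated_impacts(pool, debts)),
        "all_at_once_ok": simultaneous_impact(pool, debts) <= max_impact,
    }


if __name__ == "__main__":
    # Constructed numbers: 1M CREDIT / 1M stablecoin pool, three terms with 50k CREDIT debt each.
    pool = Pool(credit=1_000_000.0, stable=1_000_000.0)
    debts = [50_000.0, 50_000.0, 50_000.0]
    for i, imp in enumerate(isolated_impacts(pool, debts)):
        print(f"term {i} alone: {imp:.2%} impact")
    print(f"all terms at once: {simultaneous_impact(pool, debts):.2%} impact")
    print(check_caps(pool, debts, max_impact=0.10))
```

With these numbers each term alone costs bidders about 5.3% over spot, under a 10% threshold, while buying all three terms' CREDIT at once costs about 17.6%, and the total stablecoin spent exceeds the sum of the three isolated purchases. The convexity of the x*y=k curve is what the report's "bottlenecked by CREDIT liquidity" point relies on; a per-term cap tuned to collateral liquidity says nothing about this combined cost.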
Impact
Proof of Concept
Recommended Mitigation Steps
Assessed type
Other