c4-pre-sort
commented
3 months ago raymondfam marked the issue as sufficient quality report
Closed c4-bot-7 closed 3 months ago
c4-pre-sort
commented
3 months ago raymondfam marked the issue as sufficient quality report
c4-pre-sort
commented
3 months ago raymondfam marked the issue as duplicate of #159
raymondfam
commented
3 months ago See #159.
c4-judge
commented
3 months ago hansfriese marked the issue as unsatisfactory: Out of scope
Lines of code
https://github.com/code-423n4/2024-03-dittoeth/blob/91faf46078bb6fe8ce9f55bcb717e5d2d302d22e/contracts/facets/RedemptionFacet.sol#L259
Vulnerability details
Impact
User can prevent having a low CR short record redeemed.
Proof of Concept
Suppose Alice has the next short record in line for redemption. In order to avoid being redeemed against she can
increaseCollateral()(1 wei per hour) in order to set theupdatedAtfield and then propose a redemption, which, except for excluding hers, which the lowest collateral ratio, is correct. Since she keeps updating her short record, this cannot be disputed. Since her redemption will then pass and be claimable, the redemption fee increase causes redemption to no longer be profitable and others will not propose a new redemption (immediately) against her short record.Recommended Mitigation Steps
Set minimum collateral increase amount.
Assessed type
DoS