Lines of code
https://github.com/code-423n4/2024-03-dittoeth/blob/91faf46078bb6fe8ce9f55bcb717e5d2d302d22e/contracts/facets/RedemptionFacet.sol#L259
Vulnerability details
Impact
User can prevent having a low CR short record redeemed.
Proof of Concept
Suppose Alice has the next short record in line for redemption. To avoid being redeemed against, she can call increaseCollateral() (1 wei per hour) to set the updatedAt field and then propose a redemption that is correct except that it excludes her short record, which has the lowest collateral ratio. Since she keeps updating her short record, this cannot be disputed. Since her redemption will then pass and be claimable, the redemption fee increase causes redemption to no longer be profitable, and others will not propose a new redemption (immediately) against her short record.
Recommended Mitigation Steps
Set minimum collateral increase amount.
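The following is an added example, not part of the original report or the DittoETH code base: a simplified Python model of the dispute window described above and of the effect of a minimum collateral increase. The one-hour buffer (inferred from the report's "1 wei per hour"), the dispute rule, the CR values and all names are assumptions.

```python
from dataclasses import dataclass
from fractions import Fraction

ETHER = 10**18
DISPUTE_BUFFER = 3600  # assumption: seconds a record must be untouched before a proposal

@dataclass
class ShortRecord:
    collateral: int      # wei
    debt_value: int      # debt priced in wei, so CR = collateral / debt_value
    updated_at: int = 0

    @property
    def cr(self) -> Fraction:
        return Fraction(self.collateral, self.debt_value)

def increase_collateral(sr, amount, now, min_increase=0):
    """Model of the collateral top-up; min_increase is the recommended mitigation."""
    if amount <= 0 or amount < min_increase:
        raise ValueError("collateral increase below minimum")
    sr.collateral += amount
    sr.updated_at = now

def can_dispute(skipped, lowest_proposed_cr, time_proposed):
    """A skipped record supports a dispute only if it has a lower CR than the
    proposal and was not updated within DISPUTE_BUFFER before the proposal."""
    stale = skipped.updated_at + DISPUTE_BUFFER <= time_proposed
    return skipped.cr < lowest_proposed_cr and stale

def keep_fresh(min_increase, hours=24):
    """Top up hourly with the smallest allowed amount, then propose at once.
    Returns (wei spent, record still has the lowest CR, proposal disputable)."""
    sr = ShortRecord(collateral=11 * ETHER, debt_value=10 * ETHER)  # constructed, CR 1.1
    lowest_proposed_cr = Fraction(12, 10)  # constructed: lowest CR the proposal includes
    spent = now = 0
    for hour in range(1, hours + 1):
        now = hour * 3600
        amount = max(1, min_increase)
        increase_collateral(sr, amount, now, min_increase)
        spent += amount
    disputable = can_dispute(sr, lowest_proposed_cr, time_proposed=now + 1)
    return spent, sr.cr < lowest_proposed_cr, disputable

if __name__ == "__main__":
    print(keep_fresh(0))            # 1 wei top-ups, no minimum
    print(keep_fresh(ETHER // 10))  # 0.1 ether minimum increase
```

Without a minimum, 24 wei keeps the lowest-CR record undisputable for a day; with the assumed 0.1 ether minimum, the same refreshes cost 2.4 ether and raise the record's CR above the proposal's, so it is no longer the record that should have been redeemed.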
Assessed type
DoS