c4-judge
commented
6 months ago Picodes marked the issue as satisfactory
Open c4-bot-9 opened 7 months ago
c4-judge
commented
6 months ago Picodes marked the issue as satisfactory
Lines of code
Vulnerability details
C4 Issue
https://github.com/code-423n4/2024-01-salty-findings/issues/324
Comments
The issue describes how the DAO contract is designed to interact exclusively with SALT tokens, rendering it incapable of managing other tokens like USDS or DAI. This limitation poses a risk where tokens other than SALT, accidentally received into the DAO's balance during upkeep processes, could become irretrievable and thus effectively lost. This issue specifically arises when the DAO participates in arbitrage opportunities, converting a portion of the profits into POL for pools such as USDS/DAI and SALT/USDS.
Mitigation
https://github.com/othernet-global/salty-io/commit/eaf40ef0fa27314c6e674db6830990df68e5d70e
The mitigation for this issue revolved around the deprecation of number of key components including the removal of the overcollateralized USDS stablecoin framework, which also meant borrowing of USDS no longer exists. POL itself was also deprecated due to a number of reasons, one of which is that it was no longer needed to cover bad debt or shortfalls in USDS, since there will be none. As a consequence all logic related to POL was removed from upkeep.
Conclusion
LGTM