code-423n4 / 2024-03-saltyio-mitigation-findings


H-06 MitigationConfirmed #46

Open c4-bot-6 opened 8 months ago

c4-bot-6 commented 8 months ago

Lines of code

Vulnerability details

C4 Issue

https://github.com/code-423n4/2024-01-salty-findings/issues/137

Comments

The core issue arises from the mechanism within the Liquidizer contract for handling USDS repayments, where repaid USDS is earmarked for burning but not immediately destroyed. Instead, the amount to be burnt is tracked and increased with each repayment, but without a corresponding increase in the Liquidizer's actual USDS balance. During upkeep, if the Liquidizer lacks sufficient USDS to burn the tracked amount, it resorts to liquidating Protocol Owned Liquidity (POL) to obtain USDS for burning, aiming to manage bad debt from liquidations. This system, inherently reliant on POL to cover any shortfall in USDS, risks depleting POL reserves. If POL is exhausted, the protocol faces a critical inability to cover bad debt, potentially destabilizing USDS's value.

Mitigation

https://github.com/othernet-global/salty-io/commit/8e3231d3f444e9851881d642d6dd03021fade5ed

The mitigation for this issue revolved around the deprecation of a number of key components, including the removal of the overcollateralized USDS stablecoin framework, which also meant borrowing of USDS no longer exists. POL itself was also deprecated due to a number of reasons, one of which is that it was no longer needed to cover bad debt, since there will be none.

Conclusion

LGTM
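
The accounting described in the comment above, as an added example that is not part of the original comment or of Salty.IO's code: a simplified Python model comparing repayments that only raise the burn tracker with repayments that also credit the Liquidizer's held balance. The class and method names, the single-step POL liquidation and all amounts are assumptions, and the second mode is a contrast case, not the mitigation the sponsor adopted.

```python
# Added illustration (not Salty.IO contract code): a simplified model of the
# burn accounting described in the comment. Names and amounts are hypothetical.

class Liquidizer:
    def __init__(self, pol_usds):
        self.usds_balance = 0     # USDS the Liquidizer actually holds
        self.burn_owed = 0        # tracked amount earmarked for burning
        self.pol_usds = pol_usds  # USDS obtainable by liquidating POL
        self.burned = 0
        self.pol_spent = 0

    def repay(self, amount, credit_balance):
        """Record a repayment. credit_balance=False models the reported
        behaviour: the tracker grows, the held balance does not."""
        self.burn_owed += amount
        if credit_balance:
            self.usds_balance += amount

    def backing_gap(self):
        """Tracked burn amount not backed by held USDS (0 when healthy)."""
        return max(0, self.burn_owed - self.usds_balance)

    def upkeep(self):
        """Burn what is owed; liquidate POL to cover any shortfall."""
        from_pol = min(self.backing_gap(), self.pol_usds)
        self.pol_usds -= from_pol
        self.pol_spent += from_pol
        self.usds_balance += from_pol
        burn = min(self.burn_owed, self.usds_balance)
        self.usds_balance -= burn
        self.burn_owed -= burn
        self.burned += burn


def simulate(repayments, pol_usds, credit_balance):
    """Run one upkeep after each repayment and return the final state."""
    liq = Liquidizer(pol_usds)
    for amount in repayments:
        liq.repay(amount, credit_balance)
        liq.upkeep()
    return liq


if __name__ == "__main__":
    repayments = [400, 300, 300, 100]   # constructed sample amounts
    for label, credit in (("tracker only", False), ("balance credited", True)):
        s = simulate(repayments, pol_usds=1000, credit_balance=credit)
        print(f"{label}: POL left={s.pol_usds} POL spent={s.pol_spent} "
              f"burned={s.burned} unbacked={s.backing_gap()}")
```

In the tracker-only run every burn is funded from POL, so the reserve reaches zero and the last repayment leaves a tracked amount that nothing backs; a non-zero `backing_gap()` before upkeep is the condition an invariant test would flag.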

c4-judge commented 8 months ago

Picodes marked the issue as satisfactory