code-423n4 / 2024-07-reserve-validation


Vulnerability in Using RToken as Collateral Due to Multi-Layer Pegging System #127

Closed c4-bot-7 closed 1 month ago

c4-bot-7 commented 2 months ago

Lines of code

https://github.com/code-423n4/2024-07-reserve/blob/3f133997e186465f4904553b0f8e86ecb7bbacbf/contracts/p1/AssetRegistry.sol#L78-L80

https://github.com/code-423n4/2024-07-reserve/blob/3f133997e186465f4904553b0f8e86ecb7bbacbf/contracts/p1/BasketHandler.sol#L108-L131

Vulnerability details

Impact

The vulnerability identified in the Reserve Protocol's use of RTokens as collateral presents a significant risk of cascading instability. If a depeg event occurs in one RToken, it can trigger a chain reaction of value drops and liquidations across the ecosystem, potentially leading to widespread losses and market instability.

Proof of Concept

Illustration:

Creating and Collateralizing RToken: An RToken (let's call it RToken-A) is created and backed by a basket of assets, such as other stablecoins, commodities, and tokenized real-world assets. RToken-A is overcollateralized with Reserve Rights (RSR) to protect against the risk of the collateral losing value.

Using RToken as Collateral: RToken-A is used as collateral in another DeFi protocol or to create a new RToken (for example, RToken-B).

Depeg Event in RToken-A: A major market event causes one of the assets backing RToken-A to lose value, leading to a depeg. For instance, if one of the stablecoins in the collateral loses its peg, RToken-A will start trading below its expected value. Arbitrage traders try to restore RToken-A's value by redeeming it for the underlying assets, but because one asset has lost value, they can't fully restore the peg.

Cascading Depeg in RToken-B: Since RToken-A is used as collateral for RToken-B, the depeg of RToken-A affects the value and stability of RToken-B. The drop in RToken-A's value reduces the collateral value of RToken-B, which could trigger liquidations or further depegs in RToken-B.

Increased Volatility: The complex pegging system amplifies the impact of the initial depeg event. As the value of RToken-B drops, it might also be used as collateral in other protocols, creating a feedback loop of instability across the system.

Recommended Mitigation Steps

Diversify Collateral: Increase the diversity and robustness of the assets backing RTokens to minimize the impact of a single asset depegging.

Risk Monitoring: Implement continuous risk monitoring and early intervention mechanisms for assets showing signs of potential depeg.

Collateral Use Restrictions: Limit the use of RTokens as collateral in multi-layered DeFi structures to prevent cascading effects in the event of a depeg.

Assessed type

Other
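
The layered-collateral scenario in the report above can be made concrete with a look-through exposure check, the kind of calculation the "Risk Monitoring" step would rely on. This is an added example, not part of the original submission and not Reserve Protocol code. Assumptions: the token names, basket weights and the 0.6 limit are constructed, and the model ignores RSR overcollateralization and any protocol handling of defaulted collateral.

```python
# Added illustration: token names and basket weights are constructed, not Reserve Protocol data.
# Simplified model: ignores RSR overcollateralization and protocol default handling.
BASKETS = {
    "RToken-A": {"STABLE-1": 0.5, "STABLE-2": 0.3, "RWA-1": 0.2},
    "RToken-B": {"RToken-A": 0.6, "STABLE-3": 0.4},  # second layer
    "RToken-C": {"RToken-B": 0.5, "STABLE-1": 0.5},  # third layer
}

def look_through(token, baskets=BASKETS, _path=()):
    """Flatten nested baskets into {leaf_asset: share of one unit of token}."""
    if token in _path:  # a token that (indirectly) backs itself
        raise ValueError("circular collateral: " + " -> ".join(_path + (token,)))
    basket = baskets.get(token)
    if basket is None:  # no basket defined: treat as a leaf asset
        return {token: 1.0}
    exposure = {}
    for component, weight in basket.items():
        nested = look_through(component, baskets, _path + (token,))
        for leaf, share in nested.items():
            exposure[leaf] = exposure.get(leaf, 0.0) + weight * share
    return exposure

def backing_value(token, leaf_prices, baskets=BASKETS):
    """Value backing one unit of token; leaves not listed are assumed at peg (1.0)."""
    flat = look_through(token, baskets)
    return sum(share * leaf_prices.get(leaf, 1.0) for leaf, share in flat.items())

def concentration_alerts(limit, baskets=BASKETS):
    """Return (token, leaf, exposure) where look-through exposure exceeds limit."""
    alerts = []
    for token in baskets:
        for leaf, share in look_through(token, baskets).items():
            if share > limit:
                alerts.append((token, leaf, share))
    return alerts

if __name__ == "__main__":
    depeg = {"STABLE-1": 0.80}  # constructed event: one leaf stablecoin at 0.80
    for name in BASKETS:
        print(name, round(backing_value(name, depeg), 4))
    print(concentration_alerts(0.6))
```

In this constructed data RToken-C lists STABLE-1 at a direct weight of 0.5, but its look-through exposure is 0.65 because RToken-B carries more of it through RToken-A, so the third-layer token loses more backing than RToken-A itself.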