Impact
Failing to ensure that tradingDelay and backingBuffer are set within valid ranges can lead to improper functioning of the contract. This could result in delayed trades or insufficient collateral buffers, potentially destabilizing the RToken. Specifically:
An excessively high tradingDelay might prevent timely execution of trades, leading to delays in rebalancing and potential undercollateralization.
An excessively high backingBuffer could impose unnecessarily high collateral requirements, reducing capital efficiency and possibly affecting the protocol's liquidity.
Proof of Concept
Code Reference:
The vulnerable code is located in the setTradingDelay and setBackingBuffer functions:
/// @custom:governance
function setBackingBuffer(uint192 val) public governance {
require(val <= MAX_BACKING_BUFFER, "invalid backingBuffer");
emit BackingBufferSet(backingBuffer, val);
backingBuffer = val;
}
Potential Issues:
Improper tradingDelay: If tradingDelay is set to a value greater than MAX_TRADING_DELAY, it could delay necessary trades indefinitely. This would hinder the protocol's ability to react to market conditions promptly, potentially leading to undercollateralization.
Improper backingBuffer: Setting backingBuffer to a value greater than MAX_BACKING_BUFFER could lead to excessive collateral requirements. This might reduce capital efficiency by locking up more assets than necessary, which could decrease the liquidity and operational efficiency of the protocol.
Screenshot/Logs:
N/A (Conceptual explanation based on code logic).
Tools Used
Manual code review
Solidity documentation
Recommended Mitigation Steps
Strict Validation: Ensure that tradingDelay and backingBuffer values are validated against their respective maximums (MAX_TRADING_DELAY and MAX_BACKING_BUFFER). Additionally, consider validating that the values are within a reasonable range that aligns with the protocol's operational goals.
Unit Tests: Implement comprehensive unit tests to cover edge cases, such as attempting to set values just above or below the maximum allowed limits. This will help ensure that the validation logic is robust and behaves as expected under various scenarios.
Lines of code
https://github.com/code-423n4/2024-07-reserve/blob/3f133997e186465f4904553b0f8e86ecb7bbacbf/contracts/p1/BackingManager.sol#L315
Vulnerability details
Impact Failing to ensure that tradingDelay and backingBuffer are set within valid ranges can lead to improper functioning of the contract. This could result in delayed trades or insufficient collateral buffers, potentially destabilizing the RToken. Specifically:
An excessively high tradingDelay might prevent timely execution of trades, leading to delays in rebalancing and potential undercollateralization. An excessively high backingBuffer could impose unnecessarily high collateral requirements, reducing capital efficiency and possibly affecting the protocol's liquidity. Proof of Concept Code Reference: The vulnerable code is located in the setTradingDelay and setBackingBuffer functions:
solidity Copy code /// @custom:governance function setTradingDelay(uint48 val) public governance { require(val <= MAX_TRADING_DELAY, "invalid tradingDelay"); emit TradingDelaySet(tradingDelay, val); tradingDelay = val; }
/// @custom:governance function setBackingBuffer(uint192 val) public governance { require(val <= MAX_BACKING_BUFFER, "invalid backingBuffer"); emit BackingBufferSet(backingBuffer, val); backingBuffer = val; } Potential Issues: Improper tradingDelay: If tradingDelay is set to a value greater than MAX_TRADING_DELAY, it could delay necessary trades indefinitely. This would hinder the protocol's ability to react to market conditions promptly, potentially leading to undercollateralization.
Improper backingBuffer: Setting backingBuffer to a value greater than MAX_BACKING_BUFFER could lead to excessive collateral requirements. This might reduce capital efficiency by locking up more assets than necessary, which could decrease the liquidity and operational efficiency of the protocol.
Screenshot/Logs: N/A (Conceptual explanation based on code logic).
Tools Used Manual code review Solidity documentation Recommended Mitigation Steps Strict Validation: Ensure that tradingDelay and backingBuffer values are validated against their respective maximums (MAX_TRADING_DELAY and MAX_BACKING_BUFFER). Additionally, consider validating that the values are within a reasonable range that aligns with the protocol's operational goals.
Unit Tests: Implement comprehensive unit tests to cover edge cases, such as attempting to set values just above or below the maximum allowed limits. This will help ensure that the validation logic is robust and behaves as expected under various scenarios.
Assessed type
Other