code-423n4 / 2024-09-reserve-mitigation-findings


ADD-04 MitigationConfirmed #11

Open c4-bot-9 opened 2 months ago

c4-bot-9 commented 2 months ago

Lines of code

Vulnerability details

See:

Finding Mitigation
ADD-04 Pull Request

Navigating to this report from the previous contest, we can see that there is an issue in the throttle mechanism of the RToken contract, where the throttle is not updated properly when dissolving or melting RTokens during recollateralization or in the BackingManager. This leads to the throttle value becoming lower than it should be, potentially affecting future issuance and redemption. The issue arises because the throttle is not updated before the total supply changes in these specific cases. As a result, the available amount for issuance and redemption can be significantly reduced. The recommended mitigation is to update the throttle in the dissolve and melt functions before changing the total supply, using the original total supply value. This has been sufficiently mitigated in the pull request used to solve this, considering the suggested lines from the report have been applied, i.e.:

```solidity
uint256 supply = totalSupply();
uint256 amount = 0;
issuanceThrottle.useAvailable(supply, -int256(amount));
redemptionThrottle.useAvailable(supply, int256(amount));
```

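
An added illustration, not part of the original comment or of the Reserve codebase: a Python model of why the throttle must be checkpointed with the original supply before the supply drops. The `Throttle` class is an assumed, simplified throttle that refills linearly up to a percentage of supply per hour; every name and number in it is constructed for the example.

```python
from dataclasses import dataclass

ONE_HOUR = 3600  # seconds


@dataclass
class Throttle:
    """Assumed model: hourly limit is pct_bps (basis points) of total supply."""
    pct_bps: int
    last_available: int = 0
    last_timestamp: int = 0

    def limit(self, supply: int) -> int:
        return supply * self.pct_bps // 10_000

    def currently_available(self, supply: int, now: int) -> int:
        # Refill linearly since the last update, capped at the hourly limit.
        limit = self.limit(supply)
        refill = limit * (now - self.last_timestamp) // ONE_HOUR
        return min(self.last_available + refill, limit)

    def use_available(self, supply: int, amount: int, now: int) -> None:
        # Checkpoint the refill accrued at `supply`, then apply the signed amount.
        available = self.currently_available(supply, now)
        if amount > available:
            raise ValueError("supply change throttled")
        self.last_available = available - amount
        self.last_timestamp = now


def available_after_melt(checkpoint_first: bool) -> int:
    """Amount available right after supply halves, 30 minutes after the
    throttle was fully used (constructed scenario)."""
    supply_before, supply_after = 1_000_000, 500_000
    t_melt = 1800
    throttle = Throttle(pct_bps=1000)  # 10% per hour, empty at t=0
    if checkpoint_first:
        # Mitigated order: zero-amount update using the original supply.
        throttle.use_available(supply_before, 0, t_melt)
    # Supply has now dropped (melt/dissolve); read what the next caller sees.
    return throttle.currently_available(supply_after, t_melt)


if __name__ == "__main__":
    print("no checkpoint:  ", available_after_melt(False))
    print("checkpoint first:", available_after_melt(True))
```

Without the checkpoint, the 30 minutes of refill already elapsed are recomputed against the smaller post-melt supply, so the reader sees half of what had actually accrued.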
c4-judge commented 2 months ago

thereksfour marked the issue as satisfactory