Open hats-bug-reporter[bot] opened 1 year ago
There was already similar issue. You can always burn osETH or buy it from the secondary market to increase your position health or withdraw
There was already similar issue. You can always burn osETH or buy it from the secondary market to increase your position health or withdraw
but in that case,
user is forced to pay the fee because the fee always applies to user's position.shares
also I did not see any similar submission before o(╥﹏╥)o before the last 105 submission
Github username: @JeffCX Submission hash (on-chain): 0x3ebb48540b920995a22e6f1f0d4d48bce2d1ad3687238cf86e9ca3a8e54c163c Severity: medium
Description: Description\
When the vault capacity is reached, user cannot deposit ETH to make his account healthy
Attack Scenario\
In the current implementation,
the vault admin can permissionless deploy the vault and set the vault capacity
the amount of user deposit is capped by the vault capacity and the vault capacity cannot be changed
after user deposit ETH to mint vault share, user can also choose to mint OSToken to increase the position share
when user hold the OSToken, user may subject to liquidation
to make account health,
user have two option
once the vault capcity is reached, option one is gone
user cannot deposit more ETH (add more collateral) to make account health
the only option left for user is to burn OSToken to reduce the shares
but the problem is that fee is still accumulated in the position.shares even when user cannot deposit more ETH when position.shares is burned in BurnOSTOken
so user can never burn the full position.shares and force to consistently pay the fee and this may just leads to liquidation
user cannot really wait for someone to redeem / withdraw to make the vault balance not hit the capactiy because liqudation can comes first once the position.shares appliess
Attachments
described above
make the vault capacity adjustable and always give user option to increase the ETH collateral