search

hats-finance / illuminex-0x0bb4aa1f58719707405c231fcdf0b405714799cf

0 stars 1 forks source link

VaultBitcoinWallet : user could not able to withdraw in some cases. This needs admin intervention to resolve #73

Open hats-bug-reporter[bot] opened 2 months ago

hats-bug-reporter[bot] commented 2 months ago

Github username: -- Twitter username: -- Submission hash (on-chain): 0xf21fe0b0099dadc768a5cb1d351821bfa0002d27c9789bec309d488ccd7d72ad Severity: medium

Description: Description\

In the current implementation, user can depoit any amount of BTC and gets the token minted. There is no minimum deposit threshold to this.

whereas, in order to withdraw, user might have the minWithdrawalLimit balance in their account to withdraw. This poses hurdles on the user interaction with protocol. this would lead to locking of funds temporarily.

Lets see the following secnario:

the current minWithdrawalLimit is set as 700.

secnario 1:

User may not aware of the minWithdrawalLimit and deposit 500 BTC. They don't have further BTC to deposit. Later if they want to withdraw, they can not withdraw. They have to wait till the minWithdrawalLimit is relaxed by the admin.

secnario 2:

User deposit 1200 BTC. First they initiate withdrawal of 710 BTC, the transaction will go through as it passes the min withdrawal threshold. After some time, the user want to withdraw the BTC fully, but this will not happen, as their account balance is lesser than the min threshold value.

Impact

User can not withdraw their deposited funds fully. They have to deposit extra to cover the min threshold. if they don't have fund, they can not increase the balance and withdraw reamining funds. User funds would stuck temporarily till the admin relax the minWithdrawalLimit

  1. Revised Code File (Optional)

One of the reason to have the minWithdrawalLimit is avoid flooding of the withdraw queue by intiating the withdrawal. But, this has the other negative impact as described above.

One solution could be, minWithdrawalLimit could be fully relaxed if user want to withdraw their funds fully. For other cases, the minWithdrawalLimit check could be imposed.

aktech297 commented 2 months ago

@rotcivegaf

aktech297 commented 2 months ago

@party-for-illuminati can you please explain why this is invalid.

party-for-illuminati commented 2 months ago

@party-for-illuminati can you please explain why this is invalid.

Its not an issue because it works like this by design, that's what minimum withdrawal amount is for