search

sherlock-audit / 2022-10-illuminate-judging

3 stars 0 forks source link

__141345__ - Hardcoded slippage control #200

Closed sherlock-admin closed 1 year ago

sherlock-admin commented 1 year ago

141345

high

Hardcoded slippage control

Summary

In ERC5095, a hardcoded slippage control of 99% is used. However, the underlying yield tokens price may go down. If severe market condition like Luna/UST happen again, users' funds may get locked.

Vulnerability Detail

With hardcoded slippage control, in market collapse, there is nothing to do but watch the numbers take a deep dive.

Impact

Users fund get lock, and lose value. Redeem/withdraw functions won't work due to the strict slippage control.

Due to the possibility of big fund loss and lock during emergency markets condition, it could be high severity issue.

Code Snippet

https://github.com/sherlock-audit/2022-10-illuminate/blob/main/src/tokens/ERC5095.sol#L162-L167

https://github.com/sherlock-audit/2022-10-illuminate/blob/main/src/tokens/ERC5095.sol#L194-L199

https://github.com/sherlock-audit/2022-10-illuminate/blob/main/src/tokens/ERC5095.sol#L219-L224

https://github.com/sherlock-audit/2022-10-illuminate/blob/main/src/tokens/ERC5095.sol#L240-L245

https://github.com/sherlock-audit/2022-10-illuminate/blob/main/src/tokens/ERC5095.sol#L294-L299

https://github.com/sherlock-audit/2022-10-illuminate/blob/main/src/tokens/ERC5095.sol#L309-L314

Tool used

Manual Review

Recommendation

Duplicate of #181

141345 commented 1 year ago

Escalate for 21 USDC

Duplicate of https://github.com/sherlock-audit/2022-10-illuminate-judging/issues/114

sherlock-admin commented 1 year ago

Escalate for 21 USDC

Duplicate of https://github.com/sherlock-audit/2022-10-illuminate-judging/issues/114

You've created a valid escalation for 21 USDC!

To remove the escalation from consideration: Delete your comment. To change the amount you've staked on this escalation: Edit your comment (do not create a new comment).

You may delete or edit your escalation comment anytime before the 48-hour escalation window closes. After that, the escalation becomes final.