Users can never redeem their USDC tokens

Summary

User can never redeem their USDC tokens in case it's deposited into the PerpDepository.sol, which is the default depository.

Vulnerability Detail

Users may want to redeem their USDC by providing their UXD tokens they got previously in the minting process. They won't be able to redeem their USDC because the redeem function PerpDepository.sol always reverts if the asset == quoteToken (USDC).

Anytime a user wants to redeem this is the flow: 1) A user calls the external redeem function in UXCController.sol 2) _redeem internal function is triggered 3) onlyController protected redeem function in the depository contract is being called with the requested assets and amount to redeem. 4) Since the requested asset is USDC (aka quoteToken) the function will revert with QuoteRedeemDisabled(msg.sender); error

Impact

Users can never redeem their deposited USDC tokens.

Code Snippet

https://github.com/sherlock-audit/2023-01-uxd/blob/main/contracts/core/UXDController.sol#L276 https://github.com/sherlock-audit/2023-01-uxd/blob/main/contracts/core/UXDController.sol#L328 https://github.com/sherlock-audit/2023-01-uxd/blob/main/contracts/integrations/perp/PerpDepository.sol#L272-L274

Tool used

Manual Review

Recommendation

Allow USDC redeeming on the depository contract.

Duplicate of #165

sherlock-audit / 2023-01-uxd-judging

JohnnyTime - Users can never redeem their USDC tokens #419