Users can send dust amounts to prevent null epochs
Summary
Protocol does not provide investors with sufficient information about the risks. This could prevent users from participating when vaults are empty.
Vulnerability Detail
When either the collateral or premium vault is empty, the vault participants basically get no reward while they take on the risk of a depeg. This is circumvented by the protocol by using the triggerNullEpoch function on the controller, where if any party is empty, the insurance contract is essentially terminated, and the payee gets to claim back their funds. This function to trigger the null epoch can be called only after the epoch start time has already passed.
A user can grief the system by sending dust amounts right before the epoch start time. This would give the user very low risk reward, since the user only risks a tiny dust amount of assets, and stains to gain the entire premium or collateral in case of a win. The other party, either the premium or collateral holders, now have no recourse since null epoch wont trigger since a dust amount is present in the counterparty vault. This gives these normal investors a very high risk reward ratio, since they take on the risk but effectively gain no rewards since the counterparty vault has dust amounts.
From a game-theory perspective, this lead to a standoff between premium and collateral providers whenever a fresh epoch is created, with zero balances. Premium suppliers would not risk their premium for dust amounts of collateral coverage, and would thus wait until the collateral vault reaches a large size, while collateral providers would go generate yield from other protocols, seeing premiums are currently zero. This would lead to a situation where the protocol is not used, and the insurance is not provided.
Impact
Users would not risk their assets to a griefer funding with dust amounts in the counterparty vault.
Instead of checking for zero amount in the premium and collateral vaults, check instead for a minimum amount. This would cancel the insurance contract if a minimum amount of liquidity is not met, and would prevent griefing attacks.
carrot
medium
Users can send dust amounts to prevent null epochs
Summary
Protocol does not provide investors with sufficient information about the risks. This could prevent users from participating when vaults are empty.
Vulnerability Detail
When either the collateral or premium vault is empty, the vault participants basically get no reward while they take on the risk of a depeg. This is circumvented by the protocol by using the
triggerNullEpochfunction on the controller, where if any party is empty, the insurance contract is essentially terminated, and the payee gets to claim back their funds. This function to trigger the null epoch can be called only after the epoch start time has already passed.A user can grief the system by sending dust amounts right before the epoch start time. This would give the user very low risk reward, since the user only risks a tiny dust amount of assets, and stains to gain the entire premium or collateral in case of a win. The other party, either the premium or collateral holders, now have no recourse since null epoch wont trigger since a dust amount is present in the counterparty vault. This gives these normal investors a very high risk reward ratio, since they take on the risk but effectively gain no rewards since the counterparty vault has dust amounts.
From a game-theory perspective, this lead to a standoff between premium and collateral providers whenever a fresh epoch is created, with zero balances. Premium suppliers would not risk their premium for dust amounts of collateral coverage, and would thus wait until the collateral vault reaches a large size, while collateral providers would go generate yield from other protocols, seeing premiums are currently zero. This would lead to a situation where the protocol is not used, and the insurance is not provided.
Impact
Users would not risk their assets to a griefer funding with dust amounts in the counterparty vault.
Code Snippet
https://github.com/sherlock-audit/2023-03-Y2K/blob/main/Earthquake/src/v2/Controllers/ControllerPeggedAssetV2.sol#L232 https://github.com/sherlock-audit/2023-03-Y2K/blob/main/Earthquake/src/v2/Controllers/ControllerPeggedAssetV2.sol#L243
Tool used
Manual Review
Recommendation
Instead of checking for zero amount in the premium and collateral vaults, check instead for a minimum amount. This would cancel the insurance contract if a minimum amount of liquidity is not met, and would prevent griefing attacks.