Lack of reserve ratio check in sendPortfolio/receivePortfolio allows undercollateralized transfers
Summary
The sendPortfolio and receivePortfolio functions in Unitas lacks a crucial reserve ratio check, potentially exposing the protocol to a vulnerability. This function allows the protocol to transfer tokens without verifying the reserve ratio, which could lead to undercollateralization if tokens are transferred when the reserve ratio is not maintained.
Vulnerability Detail
The sendPortfolio and receivePortfolio functions in Unitas transfer tokens without explicitly checking the reserve ratio. This oversight allows the protocol to transfer tokens from its holdings even if the reserve ratio is not met.
Impact
The absence of a reserve ratio check in the sendPortfolio and receivePortfolio functions could result in the protocol becoming undercollateralized. If the function is used to transfer tokens when the reserve ratio is not maintained, it could lead to a situation where the protocol's assets are insufficient to cover its liabilities, jeopardizing its stability and solvency.
It is recommended to implement a reserve ratio check in the sendPortfolio and receivePortfolio functions similar to the one performed in the swap function. This check will ensure that transfers are only made when the required reserve ratio is maintained. By incorporating this safeguard, the protocol can avoid undercollateralization risks and maintain the integrity of its reserves, enhancing the overall stability and security of the system.
mau
medium
Lack of reserve ratio check in sendPortfolio/receivePortfolio allows undercollateralized transfers
Summary
The
sendPortfolioandreceivePortfoliofunctions inUnitaslacks a crucial reserve ratio check, potentially exposing the protocol to a vulnerability. This function allows the protocol to transfer tokens without verifying the reserve ratio, which could lead to undercollateralization if tokens are transferred when the reserve ratio is not maintained.Vulnerability Detail
The
sendPortfolioandreceivePortfoliofunctions inUnitastransfer tokens without explicitly checking the reserve ratio. This oversight allows the protocol to transfer tokens from its holdings even if the reserve ratio is not met.Impact
The absence of a reserve ratio check in the
sendPortfolioandreceivePortfoliofunctions could result in the protocol becoming undercollateralized. If the function is used to transfer tokens when the reserve ratio is not maintained, it could lead to a situation where the protocol's assets are insufficient to cover its liabilities, jeopardizing its stability and solvency.Code Snippet
https://github.com/sherlock-audit/2023-04-unitasprotocol/blob/d5328421bea80e3b0fd4595e4eb6b732a40e421e/Unitas-Protocol/src/Unitas.sol#L258 https://github.com/sherlock-audit/2023-04-unitasprotocol/blob/d5328421bea80e3b0fd4595e4eb6b732a40e421e/Unitas-Protocol/src/Unitas.sol#LL244C1-L244C1
Tool used
Manual Review
Recommendation
It is recommended to implement a reserve ratio check in the
sendPortfolioandreceivePortfoliofunctions similar to the one performed in theswapfunction. This check will ensure that transfers are only made when the required reserve ratio is maintained. By incorporating this safeguard, the protocol can avoid undercollateralization risks and maintain the integrity of its reserves, enhancing the overall stability and security of the system.