Closed sherlock-admin closed 1 year ago
Escalate for 10 USDC
Protocol documentation clearly states that users should be able to withdraw tokens in case the reserve ratio is < 100%.
Consider a scenario when the protocol holds 800 USDT in Unitas contract and 100 USDT in InsurancePool, at the same time user holds USD1 tokens for the equivalent value of 1000 USDT. This means that the reserve ratio is 90%.
When user would try to withdraw all USDT - tx would revert since the _swapOut function would call IInsurancePool#withdrawCollateral (Line 392) with an amount of 200 USDT while InsurancePool holds only 100 USDT.
You've created a valid escalation for 10 USDC!
To remove the escalation from consideration: Delete your comment.
You may delete or edit your escalation comment anytime before the 48-hour escalation window closes. After that, the escalation becomes final.
The report describes an intended behavior, not an attack
Seems like a known risk that the protocol could go undercollateralized (<100% reserve ratio), so that is expected. And in that scenario, it's true that a user would need to input a value that is less than or equal to the amount of reserves left in the protocol in order for a withdrawal to succeed. Inputting an amount greater may lead to a revert (haven't verified this fully) and agree that it would be better if instead it simply withdrew whatever was left in the reserves. This could not constitute a Medium issue because the revert can simply be fixed by decreasing the amount to withdraw.
@sashik-eth Let me know if you have any additional evidence to support a Medium here.
Based on this line in the whitepaper:
The Unitas protocol guarantees unrestricted and unconditional conversion of its unitized stablecoins “back” to USD-pegged stablecoins.
I think this issue needs to be duped into the larger category of "breaks unconditional exit" issues.
Escalation accepted
Duplicate of #95
Result: Medium Duplicate of #95
sashik_eth
medium
DOS of withdrawing assets if IP does not have enough reserves
Summary
DOS of withdrawing assets if IP does not have enough reserves.
Vulnerability Detail
Protocol documentation states that users should be able to withdraw assets even if the reserve ratio falls to less than 100%. Reserve ratio accounting includes both - reserve on Unitas.sol itself and in Insurance Pool:
This means that in case the reserve ratio is < 100% - the sum of all collateral in both contracts would be less than the minted USDx tokens value. This would lead to DOS withdrawing user assets here, since _swapOut would revert trying to withdraw from IP more collateral than it has:
Impact
Users would not be able to withdraw collaterals if the reserve ratio is less than 100%.
Code Snippet
https://github.com/sherlock-audit/2023-04-unitasprotocol/blob/main/Unitas-Protocol/src/Unitas.sol#L392
Tool used
Manual Review
Recommendation
Consider allowing the withdrawal of all left funds in reserves even if reserve ratio is less than 100%. This would guarantee that users would be able to withdraw at least some part of the collateral and these funds would not be locked on a Unitas.sol contract until the IP balance would be updated.
Duplicate of #95
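Added example, not part of the original report and not the Unitas contract code: a simplified Python model of the accounting discussed in this thread, using the 800 / 100 / 1000 USDT figures from the escalation. It assumes, as the report describes, that the swap-out takes collateral from the Unitas reserve first and requests the shortfall from the InsurancePool, which reverts when asked for more than it holds; the class and function names are hypothetical.

```python
class Revert(Exception):
    """Stands in for an EVM revert (whole transaction rolled back)."""


class InsurancePool:
    def __init__(self, balance):
        self.balance = balance

    def withdraw_collateral(self, amount):
        # Behaviour described in the report: a request larger than the
        # pool balance reverts instead of paying out what is there.
        if amount > self.balance:
            raise Revert(f"pool holds {self.balance}, asked for {amount}")
        self.balance -= amount
        return amount


class Unitas:
    def __init__(self, reserve, pool):
        self.reserve = reserve
        self.pool = pool

    def reserve_ratio(self, minted_value):
        # Ratio counts collateral in both contracts, as the report states.
        return (self.reserve + self.pool.balance) / minted_value

    def swap_out(self, amount, cap_to_available=False):
        """Pay out `amount` of collateral; returns the amount actually paid."""
        from_reserve = min(amount, self.reserve)
        shortfall = amount - from_reserve
        if cap_to_available:
            # Recommendation from the report: pay whatever is left.
            shortfall = min(shortfall, self.pool.balance)
        from_pool = self.pool.withdraw_collateral(shortfall) if shortfall else 0
        self.reserve -= from_reserve  # only reached if the pool call succeeded
        return from_reserve + from_pool


def scenario(amount, cap_to_available=False):
    """Constructed state from the escalation: 800 + 100 USDT backing 1000."""
    unitas = Unitas(800, InsurancePool(100))
    try:
        return unitas.swap_out(amount, cap_to_available)
    except Revert:
        return None  # transaction reverted, nothing paid


if __name__ == "__main__":
    print(Unitas(800, InsurancePool(100)).reserve_ratio(1000))
    print(scenario(1000), scenario(900), scenario(1000, cap_to_available=True))
```

The uncapped 1000 USDT request reverts, the 900 USDT request succeeds (the workaround noted in the discussion), and the capped variant pays the remaining 900 USDT without the caller having to guess the available amount.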