sherlock-audit / 2023-04-unitasprotocol-judging

4 stars 3 forks source link

stopthecap - Pausing `usd1` minting at <=130% reserve ratio will disable any Stability Burn and revenue distribution from the insurance staking #85

Closed sherlock-admin closed 1 year ago

sherlock-admin commented 1 year ago

stopthecap

high

Pausing usd1 minting at <=130% reserve ratio will disable any Stability Burn and revenue distribution from the insurance staking

Summary

Pausing usd1 minting at <=130% reserve ratio will disable any Stability Burn and revenue distribution from the insurance staking

Vulnerability Detail

According to the docs, if the Reserve ratio ≤ 130%, the minting of usd1 will be paused.

https://github.com/sherlock-audit/2023-04-unitasprotocol-0xffff11/tree/main/Unitas-Protocol#reserve-ratio--130

As specified on the whitepaper, Unitas conducts Stability Burn if the protocol hasn’t reached its minimum over-reservation ratio. The problem here is that usd1 will be paused when reserve ratio <=130% and the pausable method of the usd1 is shared between the minting and burning function. Therefore any burning that happens for the stability burns, will not be able to be conducted when the protocol needs it more making the reserve ratio go lower.

Impact

Unable to perform stability burns and revenue distribution

Code Snippet

https://github.com/sherlock-audit/2023-04-unitasprotocol-0xffff11/tree/main/Unitas-Protocol#reserve-ratio--130 https://github.com/sherlock-audit/2023-04-unitasprotocol/blob/main/Unitas-Protocol/src/ERC20Token.sol#L171-L184

Tool used

Manual Review

Recommendation

Do not tie pausable to both minting and burning at the same time