the project says never sell too much ussd for collateral but doesnt have any logic to mitigate this.
Summary
the project says never to sell too much ussd for collateral but doesn't have any logic to mitigate this.
Vulnerability Detail
in the the USSDRebalancer.sol:Rebalance() function there is comment telling
// never sell too much USSD for DAI so it 'overshoots' (becomes more in quantity than DAI on the pool)
otherwise could be arbitraged through mint/redeem
but the project didnt actually make logic that is able to mitigate it and through rebaance function...
function rebalance() override public {
uint256 ownval = getOwnValuation();
(uint256 USSDamount, uint256 DAIamount) = getSupplyProportion();
if (ownval < 1e6 - threshold) {
// peg-down recovery
BuyUSSDSellCollateral((USSDamount - DAIamount / 1e12)/2);
} else if (ownval > 1e6 + threshold) {
// mint and buy collateral
//Never sell too much USSD for DAI so it 'overshoots' (becomes more in quantity than DAI on the pool)
// otherwise could be arbitraged through mint/redeem
//The execution difference due to fee should be taken into accounting too
//Take 1% safety margin (estimated as 2 x 0.5% fee)
IUSSD(USSD).mintRebalancer(((DAIamount / 1e12 - USSDamount)/2) * 99 / 100); // mint ourselves amount till balance recover
SellUSSDBuyCollateral();
}
}
Impact
USSD becomes more in quantity than DAI on the pool
otherwise could be arbitraged through mint/redeem
Code Snippet
function rebalance() override public {
uint256 ownval = getOwnValuation();
(uint256 USSDamount, uint256 DAIamount) = getSupplyProportion();
if (ownval < 1e6 - threshold) {
// peg-down recovery
BuyUSSDSellCollateral((USSDamount - DAIamount / 1e12)/2);
} else if (ownval > 1e6 + threshold) {
// mint and buy collateral
// never sell too much USSD for DAI so it 'overshoots' (becomes more in quantity than DAI on the pool)
// otherwise could be arbitraged through mint/redeem
// the execution difference due to fee should be taken into accounting too
// take 1% safety margin (estimated as 2 x 0.5% fee)
IUSSD(USSD).mintRebalancer(((DAIamount / 1e12 - USSDamount)/2) * 99 / 100); // mint ourselves amount till balance recover
SellUSSDBuyCollateral();
}
}
Avci
medium
the project says never sell too much ussd for collateral but doesnt have any logic to mitigate this.
Summary
the project says never to sell too much ussd for collateral but doesn't have any logic to mitigate this.
Vulnerability Detail
in the the USSDRebalancer.sol:Rebalance() function there is comment telling
but the project didnt actually make logic that is able to mitigate it and through rebaance function...
Impact
USSD becomes more in quantity than DAI on the pool otherwise could be arbitraged through mint/redeem
Code Snippet
https://github.com/sherlock-audit/2023-05-USSD/blob/main/ussd-contracts/contracts/USSDRebalancer.sol#L92-L108
Tool used
Manual Review
Recommendation
consider modifying the project to the way that actually mitigates there are 2 ways to fix it.