FastTiger - In LibUbiquityPool.sol, it is not right to not be able to call LibUbiquityPool.sol::collectRedemption() when the user has isRedeemPaused=true. #225
In LibUbiquityPool.sol, it is not right to not be able to call LibUbiquityPool.sol::collectRedemption() when the user has isRedeemPaused=true.
Summary
Users who proceed with redeemDollar but fail to proceed with collectRedemption before setting isRedeemPaused=true will have their Ubiquity Dollar token burned and the corresponding collateral will not be recovered (collect).
Vulnerability Detail
ubiquity-dollar/packages/contractors/src/dollar/LibUbiquityPool.sol::L481~L484 is as follows.
require(
poolStorage.isRedeemPaused[collateralIndex]==false,
“Redeeming is paused”
);
In the current protocol, when the LibUbiquityPool.sol::redeemDollar() function is called to return (redeem) a Ubiquity Dollar token, the corresponding collateral is not returned immediately, but can only be returned by calling the collectRedemption() function. Also, if the administrator sets isRedeemPaused=true, both the redeemDollar() function and the collectRedemption() function cannot be called.
In this case, if users who were trying to call redeemDollar and collectRedemption when isRedeemPaused=false set isRedeemPaused=true in the protocol in the meantime, the users have already burned their Ubiquity Dollar token, but cannot retrieve the corresponding collateral. Therefore, there may be dissatisfaction with the protocol and credibility may be greatly reduced.
In special cases, if you need to set isRedeemPaused=true in the protocol, simply disable redeemDollar and prevent the Ubiquity Dollar token from being returned (redeemed).
If you don't even allow collectRedemption,
Users will not be able to retrieve their collateral corresponding to already burned Ubiquity Dollar tokens.
If it is absolutely necessary to prevent collectRedemption, a new isCollectRedemption flag must be added.
Impact
Users who proceeded with redeemDollar but failed to proceed with collectRedemption before setting isRedeemPaused=true feel strong dissatisfaction with the protocol.
FastTiger
medium
In LibUbiquityPool.sol, it is not right to not be able to call LibUbiquityPool.sol::collectRedemption() when the user has isRedeemPaused=true.
Summary
Users who proceed with redeemDollar but fail to proceed with collectRedemption before setting isRedeemPaused=true will have their Ubiquity Dollar token burned and the corresponding collateral will not be recovered (collect).
Vulnerability Detail
ubiquity-dollar/packages/contractors/src/dollar/LibUbiquityPool.sol::L481~L484 is as follows. require( poolStorage.isRedeemPaused[collateralIndex]==false, “Redeeming is paused” );
In the current protocol, when the LibUbiquityPool.sol::redeemDollar() function is called to return (redeem) a Ubiquity Dollar token, the corresponding collateral is not returned immediately, but can only be returned by calling the collectRedemption() function. Also, if the administrator sets isRedeemPaused=true, both the redeemDollar() function and the collectRedemption() function cannot be called.
In this case, if users who were trying to call redeemDollar and collectRedemption when isRedeemPaused=false set isRedeemPaused=true in the protocol in the meantime, the users have already burned their Ubiquity Dollar token, but cannot retrieve the corresponding collateral. Therefore, there may be dissatisfaction with the protocol and credibility may be greatly reduced.
In special cases, if you need to set isRedeemPaused=true in the protocol, simply disable redeemDollar and prevent the Ubiquity Dollar token from being returned (redeemed). If you don't even allow collectRedemption, Users will not be able to retrieve their collateral corresponding to already burned Ubiquity Dollar tokens.
If it is absolutely necessary to prevent collectRedemption, a new isCollectRedemption flag must be added.
Impact
Users who proceeded with redeemDollar but failed to proceed with collectRedemption before setting isRedeemPaused=true feel strong dissatisfaction with the protocol.
Code Snippet
ubiquity-dollar/packages/contracts/src/dollar/LibUbiquityPool.sol::L481~L484
Tool used
Manual Review
Recommendation
Duplicate of #103