Closed sherlock-admin3 closed 1 month ago
The provided `nsr` value is unrealistically large (1000000121979553151239153027 corresponds to a 4584% APY). For reference, our init script doesn't allow a larger than 100% APY (which, if it were to be used, would obviously not be sustained over year-long periods). As per the rules, "Governance configurations are assumed to be set with extreme care." and unrealistic or malicious governance configurations are out of scope.
chaduke
Medium
`SNst.drip()` will eventually stop working due to overflow of `totalSupply_ * nChi` as `nChi` will grow exponentially large.
Summary
`SNst.drip()` will eventually stop working due to overflow of `totalSupply_ * nChi`, as `nChi` will grow exponentially large.
`nChi` will grow monotonically and will never decrease. Even though it is near 1 RAY in the beginning, due to the exponential nature of its growth, eventually it will be a huge value.
Meanwhile, due to the scaling of `Nst`, `totalSupply` might reach as big as 100B or even bigger due to inflation of the Dollar. As a result, we will have an overflow issue for `totalSupply_ * nChi` and `SNst.drip()` will stop working.
The contract will stop working in 20 yrs for nsr = 1000000121979553151239153027 and total supply = 100B nst.
Root Cause
`nChi` will grow exponentially large. `totalSupply` could also be a large number.
https://github.com/sherlock-audit/2024-06-makerdao-endgame/blob/main/sdai/src/SNst.sol#L214-L229
Internal pre-conditions
None
External pre-conditions
Enough time has passed, and the supply is also large.
Attack Path
Consider
Impact
`drip()` will eventually stop working because `nChi` becomes too big. It might stop working after decades for larger nsr and stop working after 20 years with nsr = 1000000121979553151239153027.
PoC
Run `forge test --match-test testVow1 -vv`.
Mitigation
Not sure how to fix this.
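
Added example, not part of the original report or the project's code: a Python model of the `totalSupply_ * nChi` overflow and of the APY figure quoted in the reply at the top. It assumes a Maker-style fixed-point `rpow`, a share supply held constant at 100B tokens with 18 decimals, `chi` starting at 1 RAY, and it looks only at that one product; `NSR_100PCT` and all function names are constructed for the illustration.

```python
RAY = 10**27
WAD = 10**18
UINT256_MAX = 2**256 - 1
YEAR = 365 * 24 * 3600

# nsr quoted in the report, and a constructed comparison value that
# compounds to about 100% a year (the same constant with one digit changed).
NSR_REPORT = 1000000121979553151239153027
NSR_100PCT = 1000000021979553151239153027


def rpow(x, n, base=RAY):
    """Fixed-point x**n by repeated squaring, rounding half up at each step.
    Python ints are unbounded, so nothing in this model can overflow."""
    z = x if n % 2 else base
    n //= 2
    while n:
        x = (x * x + base // 2) // base
        if n % 2:
            z = (z * x + base // 2) // base
        n //= 2
    return z


def apy_percent(nsr):
    """Yearly yield in percent implied by a per-second rate given in RAY."""
    return (rpow(nsr, YEAR) - RAY) * 100 / RAY


def product_overflows(nsr, supply_wad, years, chi0=RAY):
    """True if totalSupply_ * nChi no longer fits in uint256 after `years`."""
    n_chi = rpow(nsr, years * YEAR) * chi0 // RAY
    return supply_wad * n_chi > UINT256_MAX


def first_overflow_year(nsr, supply_wad, max_years=500):
    """First whole year at which the product overflows, or None if never."""
    for year in range(1, max_years + 1):
        if product_overflows(nsr, supply_wad, year):
            return year
    return None


if __name__ == "__main__":
    supply = 100 * 10**9 * WAD  # 100B tokens, 18 decimals (assumption)
    for name, nsr in (("report", NSR_REPORT), ("100% APY", NSR_100PCT)):
        print(name, round(apy_percent(nsr), 1), first_overflow_year(nsr, supply))
```

Running it prints the implied APY and the first overflow year for each rate, which makes the sensitivity of the overflow horizon to `nsr` explicit.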