Closed sherlock-admin2 closed 1 month ago
Reverts in cases (1) and (2) won't occur for realistic values of nsr and the nst supply. For reference, our init script doesn't allow an nsr that is larger than 100% APY (which, if it were to be used, would obviously not be sustained over year-long periods). As per the rules, "Governance configurations are assumed to be set with extreme care." and unrealistic or malicious governance configurations are out of scope.
branch_indigo
Medium
Overflow risk not handled in SNst::drip, which might DOS SNst
Summary
SNst::drip is at risk of revert caused by a potential unhandled overflow condition. This results in key functions such as deposit, withdraw, redeem DOS.
Vulnerability Detail
In SNst::drip, interest rate (nsr) is in RAY precision and compounding every second. There are two potential overflow cases that are not handled.
(1) _rpow(nsr, block.timestamp - rho_) overflow
Although low probability, if _rpow(nsr, block.timestamp - rho_) overflows, _rpow() will simply revert the transaction, instead of returning an overflow flag to allow proper handling. (https://github.com/sherlock-audit/2024-06-makerdao-endgame/blob/dba30d7a676c20dfed3bda8c52fd6702e2e85bb1/sdai/src/SNst.sol#L170)
(2) (totalSupply_ * nChi) overflow
nChi is the new compounding accumulator which grows exponentially over time. And totalSupply_ can also grow significantly over time. When a call to drip() causes (totalSupply_ * nChi) to overflow, it causes the same effect of drip() revert. (https://github.com/sherlock-audit/2024-06-makerdao-endgame/blob/dba30d7a676c20dfed3bda8c52fd6702e2e85bb1/sdai/src/SNst.sol#L220)
Because drip() is invoked in critical functions such as deposit, withdraw or redeem, drip() reverting will disable asset deposit and redeem. (https://github.com/sherlock-audit/2024-06-makerdao-endgame/blob/dba30d7a676c20dfed3bda8c52fd6702e2e85bb1/sdai/src/SNst.sol#L391)
Impact
This results in key functions such as deposit, withdraw, redeem DOS.
Code Snippet
(https://github.com/sherlock-audit/2024-06-makerdao-endgame/blob/dba30d7a676c20dfed3bda8c52fd6702e2e85bb1/sdai/src/SNst.sol#L214-L228)
Tool used
Manual Review
Recommendation
Consider checking overflow for all conditions, and if the overflow flag is true, do not compound new interest. For example,
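
To put numbers on cases (1) and (2) and on the 100% APY cap from the sponsor comment, the following Python model is an added example; it is not part of the report or of the SNst code base. It assumes _rpow is the usual MakerDAO-style square-and-multiply in RAY with uint256 bounds, that chi starts at RAY, and that a year is 365 days; all function names are illustrative.

```python
from decimal import Decimal, getcontext

RAY = 10**27
U256 = 2**256
YEAR = 365 * 24 * 3600  # seconds, assumed 365-day year

def rate_for_apy(apy_percent):
    """Per-second RAY rate that compounds to apy_percent over one year."""
    getcontext().prec = 60
    return int((1 + Decimal(apy_percent) / 100) ** (Decimal(1) / YEAR) * RAY)

def rpow(x, n):
    """Model of x**n in RAY fixed point under uint256 limits.
    Returns (z, overflowed); the on-chain helper reverts instead of flagging."""
    if x == 0:
        return (RAY if n == 0 else 0), False
    z = x if n % 2 else RAY
    n //= 2
    while n:
        xx = x * x + RAY // 2          # square with rounding
        if xx >= U256:
            return 0, True
        x = xx // RAY
        if n % 2:
            zx = z * x + RAY // 2      # multiply into the result
            if zx >= U256:
                return 0, True
            z = zx // RAY
        n //= 2
    return z, False

def first_overflow_year(nsr, horizon=500):
    """Case (1): first whole year without a drip at which rpow overflows."""
    for years in range(1, horizon + 1):
        if rpow(nsr, years * YEAR)[1]:
            return years
    return None  # no overflow within the horizon

def max_supply_wei(nsr, years, chi=RAY):
    """Case (2): largest totalSupply (wei) for which totalSupply * nChi fits."""
    factor, overflowed = rpow(nsr, years * YEAR)
    if overflowed:
        return 0
    return (U256 - 1) // (factor * chi // RAY)

if __name__ == "__main__":
    nsr = rate_for_apy(100)  # the cap quoted in the sponsor comment
    print("rpow first overflows after", first_overflow_year(nsr), "idle years")
    print("max supply after 30 idle years:", max_supply_wei(nsr, 30) // 10**18, "tokens")
```

The model measures elapsed time since the last drip with chi at its initial value; a larger stored chi lowers the case (2) bound proportionally.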