search

sherlock-audit / 2024-06-makerdao-endgame-judging

5 stars 3 forks source link

J4de - Insufficient liquidity in the uniswap pool may result in the inability to distribute farm rewards #32

Closed sherlock-admin3 closed 3 months ago

sherlock-admin3 commented 3 months ago

J4de

Medium

Insufficient liquidity in the uniswap pool may result in the inability to distribute farm rewards

Summary

Insufficient liquidity in the uniswap pool may result in the inability to distribute farm rewards.

Vulnerability Detail

The Splitter.kick function splits the received DAI into two parts

For the former, some burn engines (FlapperUniV2 and FlapperUniV2SwapOnly) will sell DAI in the uniswap pool. To prevent arbitrage, they will limit the selling price based on the oracle price.

Once the liquidity of the uniswap pool is low, the price impact will trigger the price limit and the swap will fail. More seriously, it will also cause the farm rewards to be unable to be distributed.

Impact

Farm rewards cannot be distributed and users lose staking rewards.

Code Snippet

https://github.com/sherlock-audit/2024-06-makerdao-endgame/blob/main/dss-flappers/src/Splitter.sol#L106-L110

Tool used

Manual Review

Recommendation

It is recommended that Splitter.kick isolate the DAI of flapper and farm.

telome commented 3 months ago

No loss of funds is related. Also governance is assumed to set parameters while assessing the pool liquidity. A downtime in burning or in rewards distribution is not a significant issue.