Inconsistent Proposal Matching Due to Protocol Fee Basis Points Change
Summary
The protocol currently enforces a _assertMatchingProtocolFeeBasisPoints check to ensure that the proposalProtocolFeeBasisPoints (the fee rate at the time of proposal creation) matches the current protocolFeeBasisPoints. However, if the admin changes protocolFeeBasisPoints after a proposal has been partially filled, any remaining portions of that proposal will be unable to be filled, as the proposalProtocolFeeBasisPoints will no longer match the updated protocolFeeBasisPoints. This results in proposals becoming "stuck" and unfillable
Root Cause
The _assertMatchingProtocolFeeBasisPoints function checks if the proposalProtocolFeeBasisPoints (the fee rate that was set when the proposal was initially created) matches the protocolFeeBasisPoints (the currently active protocol fee rate). This check is implemented to ensure consistency and that all parts of the proposal follow the same fee rate.
The issue arises when the following sequence of events occurs:
A borrower or lender submits a proposal to the marketplace with a certain proposalProtocolFeeBasisPoints.
The proposal is partially filled by counter-parties, meaning that only a portion of the requested amount has been matched.
The protocol admin changes the protocolFeeBasisPoints rate.
Due to the change in protocolFeeBasisPoints, the _assertMatchingProtocolFeeBasisPoints check now fails, as the partially filled proposal's proposalProtocolFeeBasisPoints no longer matches the new protocolFeeBasisPoints.
This situation renders the remaining unfilled portion of the proposal unfillable, as it fails the _assertMatchingProtocolFeeBasisPoints check, effectively making the proposal "stuck."
This will create loss of liquidity because both LoanOffer and BorrowRequest cannot be matched and remained unfilled.
Internal pre-conditions
Admin needs to call updateProtocolFeeBasisPoints() to set different protocolFeeBasisPoints value. updateProtocolFeeBasisPoints
External pre-conditions
No response
Attack Path
Suppose a lender submits a proposal to lend 100 units of an asset with a proposalProtocolFeeBasisPoints of 50.
40 units are matched with borrowers, filling the proposal partially.
The admin changes protocolFeeBasisPoints from 50 to 60.
Now, the remaining 60 units cannot be filled because the proposalProtocolFeeBasisPoints of 50 no longer matches the current protocolFeeBasisPoints of 60.
Impact
Loss of Liquidity: Proposals stuck due to the mismatch in protocol fee basis points reduce the available liquidity in the marketplace
Gorgeous Sangria Ant
High
Inconsistent Proposal Matching Due to Protocol Fee Basis Points Change
Summary
The protocol currently enforces a _assertMatchingProtocolFeeBasisPoints check to ensure that the proposalProtocolFeeBasisPoints (the fee rate at the time of proposal creation) matches the current protocolFeeBasisPoints. However, if the admin changes protocolFeeBasisPoints after a proposal has been partially filled, any remaining portions of that proposal will be unable to be filled, as the proposalProtocolFeeBasisPoints will no longer match the updated protocolFeeBasisPoints. This results in proposals becoming "stuck" and unfillable
Root Cause
The
_assertMatchingProtocolFeeBasisPoints
function checks if theproposalProtocolFeeBasisPoints
(the fee rate that was set when the proposal was initially created) matches theprotocolFeeBasisPoints
(the currently active protocol fee rate). This check is implemented to ensure consistency and that all parts of the proposal follow the same fee rate.The issue arises when the following sequence of events occurs:
This situation renders the remaining unfilled portion of the proposal unfillable, as it fails the _assertMatchingProtocolFeeBasisPoints check, effectively making the proposal "stuck."
This will create loss of liquidity because both LoanOffer and BorrowRequest cannot be matched and remained unfilled.
Internal pre-conditions
updateProtocolFeeBasisPoints()
to set differentprotocolFeeBasisPoints
value. updateProtocolFeeBasisPointsExternal pre-conditions
No response
Attack Path
Impact
Loss of Liquidity: Proposals stuck due to the mismatch in protocol fee basis points reduce the available liquidity in the marketplace
PoC
No response
Mitigation
No response