Skip to content
This repository has been archived by the owner on Nov 26, 2023. It is now read-only.

J4de - USSDRebalancer.sol#SellUSSDBuyCollateral will not sell any collateral if the collateralFactor is too high #191

Closed
sherlock-admin opened this issue May 23, 2023 · 0 comments
Closed

J4de - USSDRebalancer.sol#SellUSSDBuyCollateral will not sell any collateral if the collateralFactor is too high #191

sherlock-admin opened this issue May 23, 2023 · 0 comments
Labels
Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label Medium A valid Medium severity issue Reward A payout will be made for this issue

Comments

@sherlock-admin
Copy link
Contributor

sherlock-admin commented May 23, 2023
edited by hrishibhat
Loading

J4de

high

USSDRebalancer.sol#SellUSSDBuyCollateral will not sell any collateral if the collateralFactor is too high

Summary

USSDRebalancer.sol#SellUSSDBuyCollateral will not sell any collateral if the collateralFactor is too high. Cause after the USSD price rises, it cannot be adjusted.

Vulnerability Detail

1. The vulnerability

File: USSDRebalancer.sol
177       // total collateral portions
178       uint256 cf = IUSSD(USSD).collateralFactor();
179       uint256 flutter = 0;
180       for (flutter = 0; flutter < flutterRatios.length; flutter++) {
181         if (cf < flutterRatios[flutter]) {
182           break;
183         }
184       }

If the collateralFactor exceeds all flutterRatios, the for loop will not break, and finally flutter will accumulate to flutterRatios.length.

189       for (uint256 i = 0; i < collateral.length; i++) {
190         uint256 collateralval = IERC20Upgradeable(collateral[i].token).balanceOf(USSD) * 1e18 / (10**IERC20MetadataUpgradeable(collateral[i].token).decimals()) * collateral[i].oracle.getPriceUSD() / 1e1    8;
191 >>      if (collateralval * 1e18 / ownval < collateral[i].ratios[flutter]) {
192           portions++;
193         }
194       }

collateral[i].ratios[flutterRatios.length] is 0 (Because the index exceeds the upper limit of the array). So no collateral will be sell.

2. How to make the collateralFactor bigger

to call mintForToken function to mint USSD, The collateralFactor will get bigger.

Impact

SellUSSDBuyCollateral fucntion no longer works in some scenarios

Code Snippet

https://github.com/USSDofficial/ussd-contracts/blob/f44c726371f3152634bcf0a3e630802e39dec49c/contracts/USSDRebalancer.sol#L180-L184

Tool used

Manual Review

Recommendation

      uint256 cf = IUSSD(USSD).collateralFactor();
      uint256 flutter = 0;
      for (flutter = 0; flutter < flutterRatios.length; flutter++) {
        if (cf < flutterRatios[flutter]) {
          break;
        }
      }
+      
+     if (flutter == flutterRatios.length) {
+         flutter = flutterRatios.length - 1;
+     }

      CollateralInfo[] memory collateral = IUSSD(USSD).collateralList();
      uint portions = 0;
      uint ownval = (getOwnValuation() * 1e18 / 1e6) * IUSSD(USSD).totalSupply() / 1e6; // 1e18 total USSD value
      for (uint256 i = 0; i < collateral.length; i++) {
        uint256 collateralval = IERC20Upgradeable(collateral[i].token).balanceOf(USSD) * 1e18 / (10**IERC20MetadataUpgradeable(collateral[i].token).decimals()) * collateral[i].oracle.getPriceUSD() / 1e18;
        if (collateralval * 1e18 / ownval < collateral[i].ratios[flutter]) {
          portions++;
        }
      }

Duplicate of #889
@github-actions github-actions bot closed this as completed Jun 5, 2023
@github-actions github-actions bot added Medium A valid Medium severity issue Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label labels Jun 5, 2023
@sherlock-admin sherlock-admin added Non-Reward This issue will not receive a payout and removed Medium A valid Medium severity issue Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label labels Jun 23, 2023
@hrishibhat hrishibhat added the Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label label Jul 7, 2023
@sherlock-admin sherlock-admin added Reward A payout will be made for this issue and removed Non-Reward This issue will not receive a payout labels Jul 7, 2023
@sherlock-admin sherlock-admin added the Medium A valid Medium severity issue label Jul 17, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label Medium A valid Medium severity issue Reward A payout will be made for this issue
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@hrishibhat @sherlock-admin