Powerful Honeysuckle Anteater
Medium
The lock-in period option set during deposit, for dCDS users is not enforced when trying to withdraw.
As it can be seen from the docs https://docs.autonomint.com/autonomint/blockchain-docs/core-contracts/cds#deposit and the deposit function there is a param called lockingPeriod, which the user can use to specify/make a longer locking period, with a minimum of 1 month by requirement.
function deposit(
uint128 usdtAmount,
uint128 usdaAmount,
bool liquidate,
uint128 liquidationAmount,
uint128 lockingPeriod ) payable lockingPeriod | uint128 | How long the user is willing to stay deposited in the protocol. However, currently it's just set during deposit in CDSLib.sol#L534 but later is not enforced when withdrawing.
This could also be seen from the frontend
A longer lockingperiod could be specified: https://docs.autonomint.com/autonomint/autonomint-1/guides/how-to/dcds-interface
- User wants to lock-in for a longer period, for example, 60 days.
- He specifies during the deposit the 60 days duration
- Since the problem is that this value is not enforced during withdraw() in CDS.sol, he would be able to withdraw earlier.
The option will not work, as the value set during a deposit won't be used and the user could withdraw earlier.
Enforce that value upon withdrawing.