Skip to content

Latest commit

 

History

History
72 lines (49 loc) · 1.72 KB

073.md

File metadata and controls

72 lines (49 loc) · 1.72 KB

Low Tangerine Cod

High

revenue earned from user withdrawal will be forever lost

Summary

protocol will never be able to claim usdaCollectedFromCdsWithdraw

Root Cause

There is a 10% tax on all user's profit withdrawal, but protocol never claims/withdraw it

                params.usdaToTransfer = calculateUserProportionInWithdraw(params.cdsDepositDetails.depositedAmount, returnAmountWithGains);
                //Update the treasury data
                interfaces.treasury.updateUsdaCollectedFromCdsWithdraw(returnAmountWithGains - params.usdaToTransfer);

...

    function calculateUserProportionInWithdraw(
        uint256 depositedAmount,
        uint256 returnAmount
    ) public pure returns (uint128) {
        uint256 toUser;
        // if the return amount is greater than depsoited amount,
        // deduct 10% from it
        if (returnAmount > depositedAmount) {
            uint256 profit = returnAmount - depositedAmount;
            toUser = returnAmount - (profit * 10) / 100;
        } else {
            toUser = returnAmount;
        }

        return uint128(toUser);
    }

Blockchian/contracts/lib/CDSLib.sol#L801

Internal pre-conditions

none

External pre-conditions

none

Attack Path

always happening

Impact

10% of all cds users withdrawals profits will be lost

PoC

No response

Mitigation

fix it, totalInterest needs to be updated to claim it

    function updateUsdaCollectedFromCdsWithdraw(
        uint256 amount
    ) external onlyCoreContracts {
-        usdaCollectedFromCdsWithdraw += amount;
+        totalInterest += amount;
    }