Skip to content

Latest commit

 

History

History
66 lines (55 loc) · 3.64 KB

078.md

File metadata and controls

66 lines (55 loc) · 3.64 KB

Powerful Honeysuckle Anteater

High

Protocol does not maintain minimum USDT amount

Summary

We should always maintain USDT reserve, to ensure the redeemUSDT mechanism, which maintains peg, is available. However after we have once collected the 20,000USDT reserve, we no longer enforce the collection of it.

Root Cause

As noted in the docs: https://docs.autonomint.com/autonomint/blockchain-docs/core-logics/cds-logics#usdt-depsoited-till-now-logic https://docs.autonomint.com/autonomint/autonomint-1/autonomint/stablecoin-peg-stability We use the USDT reserve to maintain peg stability

Immediate re-deemability - Users can re-deem USDa to get USDT immediately in case the price falls below $1

In order to do that we enforce 20,000USDT as the only acceptable dCDS deposit. After reached, we allow for USDa deposits, but we don't do anything to preserve the 20,000USDT

    function deposit(
        CDSInterface.DepositUserParams memory params,
        mapping(address => CDSInterface.CdsDetails) storage cdsDetails,
        CDSInterface.Interfaces memory interfaces
    ) public returns (CDSInterface.DepositResult memory) {
        uint256 totalDepositingAmount = params.usdtAmount + params.usdaAmount;
        if (totalDepositingAmount == 0) revert CDSInterface.CDS_ShouldNotBeZero();
        if (params.liquidationAmount > totalDepositingAmount) {
            revert CDSInterface.CDS_LiqAmountExceedsDepositAmount(params.liquidationAmount, totalDepositingAmount);
        }
        IGlobalVariables.OmniChainData memory omniChainData = interfaces.globalVariables.getOmniChainData();
@>>     if (omniChainData.usdtAmountDepositedTillNow < params.usdtLimit) {
            if ((omniChainData.usdtAmountDepositedTillNow + params.usdtAmount) <= params.usdtLimit) {
                // Check the totalDepositingAmount is usdt amount
                if (params.usdtAmount != totalDepositingAmount) revert CDSInterface.CDS_NeedsUSDTOnly();
            } else {
                revert CDSInterface.CDS_SurplusUSDT();
            }
        } else {
@>>       if (params.usdaAmount < (params.usdaLimit * totalDepositingAmount) / 100) {
                revert CDSInterface.CDS_RequiredUSDaNotMet();
            }
@>>       if (interfaces.usda.balanceOf(msg.sender) < params.usdaAmount) {
                revert CDSInterface.CDS_Insufficient_USDa_Balance();
            } 
        }
        // Check the eth price is non zero
        if (params.ethPrice == 0) revert CDSInterface.CDS_ETH_PriceFeed_Failed();
        uint64 index;

...Skip Code...

        //increment usdtAmountDepositedTillNow
@>>     params.usdtAmountDepositedTillNow += params.usdtAmount;

        // updating global data
@>>        omniChainData.usdtAmountDepositedTillNow += params.usdtAmount;

However, we don't have a guarantee that this reserve of 20,000 USDT would not be fully redeemed later, as we only check if the USDA deposit is at least 80% of the new deposits. USDT could become 0%.

This creates a risk because if we don't ensure that the vault always holds USDT, we will lose one of the main tools for peg stability. The usdtAmountDepositedTillNow field is not being reduced during the redeem operation, so the condition if (omniChainData.usdtAmountDepositedTillNow < params.usdtLimit) can never be reevaluated properly.

Impact

  • One of the main tools to control peg stability might not be available if USDT deposits are not enforced.

Mitigation

One possible solution is to reduce the usdtAmountDepositedTillNow field during the redemption of USDT.