Users can prevent slashing by frontrunning gauge loss notifications #901
Labels
3 (High Risk): Assets can be stolen/lost/compromised directly
bug: Something isn't working
duplicate-877
sufficient quality report: This report is of sufficient quality
unsatisfactory: does not satisfy C4 submission criteria; not eligible for awards
Lines of code
https://github.com/code-423n4/2023-12-ethereumcreditguild/blob/main/src/loan/SurplusGuildMinter.sol#L158
https://github.com/code-423n4/2023-12-ethereumcreditguild/blob/main/src/loan/SurplusGuildMinter.sol#L228
Vulnerability details
Impact
The getRewards() function in SurplusGuildMinter checks if a user is slashable by obtaining the gauge’s lastGaugeLoss() (a value storing the timestamp of the latest loss notification in the gauge) and comparing it against the staked user’s stored last gauge loss timestamp. This value is updated for the gauge when notifyPnL() is called, which internally triggers GuildToken's notifyGaugeLoss(), which sets the current timestamp as the lastGaugeLoss for the gauge.
In order to determine if a user is slashable, lastGaugeLoss must be greater than userStake.lastGaugeLoss. This check actually verifies if the user was staked in the gauge prior to or during the loss notification, which makes him slashable.
Considering the previous information, a vulnerability that allows slashing to be avoided arises. It is possible for a user to frontrun the notifyPnL() function execution when a negative PnL is reported in order to avoid being slashed. This is because no mechanism or restriction exists to prevent such a situation, which places the protocol in an undesirable and critical position. Essentially, users will be able to stake to malicious/lossy gauges and obtain rewards without any real risk of being slashed, because slash events can always be avoided.
It is important to highlight the fact that this is not just a regular issue where the protocol will lose money. The ECG protocol’s concept of trust-minimized pooled lending, and particularly the staking mechanism built for it, rely on the importance of “skin in the game”, i.e. users risking their assets by staking in well-functioning gauges for the proper functioning of the protocol. ECG’s oracle-less architecture is made possible by the trust assumption that users (and particularly stakers) will not misbehave by voting for maliciously onboarded lending terms, due to a punishment being imposed on them (in this particular case, the slashing). If the punishment (slashing) is avoided, then the whole set of ECG mechanisms will be broken, preventing the protocol from properly meeting its functioning requirements and expectations.
Tools Used
Manual review
Recommended Mitigation Steps
Usually, staking contracts incorporate restrictions and mitigation mechanisms for situations such as the one described previously. I recommend rethinking the staking approach, incorporating ideas from third-party protocols that already have properly working staking mechanisms, such as Chainlink Staking V0.2 or Synthetix staking rewards.
A good first addition could be some sort of locking period that guarantees that users will stake their tokens for a minimum amount of time. Later, further mechanisms can be added, such as unbonding mechanisms or periods.
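
A simplified Python model of the slashability check and of the locking period suggested above. It is an added example, not code from this report or from the ECG code base; the Gauge and Stake classes, exit_before_loss() and the 7-day MIN_STAKE_DURATION are assumptions made for illustration.

```python
from dataclasses import dataclass, field

MIN_STAKE_DURATION = 7 * 24 * 3600  # hypothetical lock length, not from the report

@dataclass
class Stake:
    amount: int
    stake_time: int
    last_gauge_loss: int  # gauge's lastGaugeLoss as recorded when the user staked

@dataclass
class Gauge:
    lock: int = 0             # 0 models the behaviour the report describes
    last_gauge_loss: int = 0  # timestamp of the latest loss notification
    stakes: dict = field(default_factory=dict)

    def stake(self, user, amount, now):
        self.stakes[user] = Stake(amount, now, self.last_gauge_loss)

    def notify_loss(self, now):
        self.last_gauge_loss = now  # the loss notification stores the timestamp

    def is_slashable(self, user):
        # The comparison from the report: gauge value > user's stored value
        return self.last_gauge_loss > self.stakes[user].last_gauge_loss

    def unstake(self, user, now):
        s = self.stakes[user]
        if self.is_slashable(user):
            del self.stakes[user]
            return 0  # stake is slashed, nothing is returned
        if now < s.stake_time + self.lock:
            raise PermissionError("stake still locked")
        del self.stakes[user]
        return s.amount

def exit_before_loss(lock, stake_at=1_000, exit_at=2_000, loss_at=2_001):
    """Staker tries to exit one second before the loss lands; returns amount recovered."""
    g = Gauge(lock=lock)
    g.stake("alice", 100, stake_at)
    try:
        return g.unstake("alice", exit_at)
    except PermissionError:
        # Exit rejected by the lock: the loss is notified while still staked
        g.notify_loss(loss_at)
        return g.unstake("alice", loss_at + lock)
```

With lock=0 the staker recovers the full 100 because the timestamp comparison never sees the loss; with the lock enabled the early exit is rejected and the same stake is slashed to 0.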
Assessed type
MEV