Glorious Garnet Tadpole
Medium
before the user transaction(calling the function unlockUsd0ppFloorPrice), if the floor price for unlocking USD0++ to USD0 decreases , then the user will get less usd0 than expected which is unfair.
there is minamountout parameter in the function unlockUsd0ppFloorPrice.
before the user transaction(calling the function unlockUsd0ppFloorPrice), the floor price for unlocking USD0++ to USD0 should decrease.
No response
-
Let’s assume, currently the floor price for unlocking USD0++ to USD0 is 1e18.
-
Alice calls the function unlockUsd0ppFloorPrice with 100 usd0pp to get 100 USD0.
-
Before Alice's function unlockUsd0ppFloorPrice execution,the floor price for unlocking USD0++ to USD0 is updated to 0.9e18, as a result Alice gets 90 USD0 for 100 usd0pp which is unexpected/unfair for her.
function unlockUsd0ppFloorPrice(uint256 usd0ppAmount) external nonReentrant whenNotPaused { if (usd0ppAmount == 0) { revert AmountMustBeGreaterThanZero(); } if (balanceOf(msg.sender) < usd0ppAmount) { revert InsufficientUsd0ppBalance(); } Usd0PPStorageV0 storage $ = _usd0ppStorageV0();
if ($.floorPrice == 0) {
revert FloorPriceNotSet();
}
// as floorPrice can't be greater than 1e18, we will never have a usd0Amount greater than the usd0 backing
uint256 usd0Amount = Math.mulDiv(usd0ppAmount, $.floorPrice, 1e18, Math.Rounding.Floor);
_burn(msg.sender, usd0ppAmount);
$.usd0.safeTransfer(msg.sender, usd0Amount);
// Calculate and transfer the delta to the treasury
uint256 delta = usd0ppAmount - usd0Amount;
if (delta > 0) {
address treasury = $.registryContract.getContract(CONTRACT_TREASURY);
$.usd0.safeTransfer(treasury, delta);
}
emit Usd0ppUnlockedFloorPrice(msg.sender, usd0ppAmount, usd0Amount);
}
users can get less usd0 than expected.
No response
put minamountout parameter in the function unlockUsd0ppFloorPrice.