Labels: Duplicate, Medium, Reward
The protocol claims to support rebasing tokens, however accrued rewards will be lost
Summary
The Cork protocol team claims that they support rebasing tokens as PA assets, however this is not the case. As per the README:

> Rebasing tokens are supported with exchange rate mechanism through Asset contracts.

Let's take for example the stETH token, this is a token that tries to stay pegged to ETH and rewards are distributed daily to the accounts holding stETH. As per the Lido documentation:

> The mechanism which updates the stETH balances every day is called a “rebase”. Every day at 12PM UTC the amount of stETH in your address will increase with the current APR.

The protocol doesn't have any mechanism to update the balance of the PA asset in the internal protocol accounting; the rewards generated by stETH will be lost forever.

When users call the Psm::redeemRaWithDs() function they deposit PA and DS tokens into the contract and receive back RA tokens. If the PA tokens that the users deposited into the contract are for example stETH, the stETH APR that is transferred to the address holding the stETH tokens via the rebasing mechanism will be lost forever. The contract doesn't have any mechanism to increase the internal accounting of the PA tokens based on the rewards received, or withdraw the PA tokens in any way.
Root Cause
The protocol doesn't have any mechanism to update the internal accounting of rebasing PA tokens, and doesn't have any functionality to withdraw an arbitrary amount of PA tokens.
Internal pre-conditions
Users deposit RA tokens in the protocol via the Psm::depositPsm() function, and receive back CT and DS tokens.
External pre-conditions
No response
Attack Path
There is no attack path, the protocol just doesn't work correctly.
Impact
The rewards generated by rebasing PA tokens held by the protocol will be lost forever.
PoC
No response
Mitigation
Implement a function to withdraw the rewards from rebasing PA tokens held by the protocol. Consider converting them to the corresponding RA token and distributing them as rewards.
sherlock-admin3 changed the title from "Colossal Magenta Elk - The protocol claims to support rebasing tokens, however accrued rewards will be lost" to "dimulski - The protocol claims to support rebasing tokens, however accrued rewards will be lost" on Sep 25, 2024
Duplicate of #235
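
To make the accounting gap concrete, here is an added example (not from the report or the Cork code base): a toy Python model of a share-based rebasing token and a vault that keeps its own PA ledger, with a reconciliation check and a skim function along the lines of the suggested mitigation. Class names, method names and amounts are constructed assumptions.

```python
# Added toy model (constructed names and numbers): rebasing PA token + vault ledger.
class RebasingToken:
    def __init__(self, balances):
        self.shares = dict(balances)  # 1 share == 1 token at genesis (non-empty)
        self.total_shares = self.pooled = sum(balances.values())

    def _to_shares(self, amount):
        return amount * self.total_shares // self.pooled

    def balance_of(self, who):
        return self.shares.get(who, 0) * self.pooled // self.total_shares

    def transfer(self, src, dst, amount):
        s = self._to_shares(amount)
        if s > self.shares.get(src, 0):
            raise ValueError("insufficient balance")
        self.shares[src] -= s
        self.shares[dst] = self.shares.get(dst, 0) + s

    def rebase(self, rewards):
        self.pooled += rewards  # no new shares: every holder's balance grows

class Vault:
    def __init__(self, pa):
        self.pa, self.tracked_pa = pa, 0  # ledger changes only on deposit

    def deposit_pa(self, user, amount):
        self.pa.transfer(user, "vault", amount)
        self.tracked_pa += amount

    def untracked_surplus(self):
        # Reconciliation: real token balance minus the internal ledger.
        return max(self.pa.balance_of("vault") - self.tracked_pa, 0)

    def skim(self, to):
        surplus = self.untracked_surplus()  # never touches tracked principal
        self.pa.transfer("vault", to, surplus)
        return surplus

def demo():
    pa = RebasingToken({"alice": 4200, "bob": 4200})
    vault = Vault(pa)
    vault.deposit_pa("alice", 4200)
    pa.rebase(420)  # constructed 5% reward
    stranded = vault.untracked_surplus()
    return stranded, vault.skim("treasury"), pa.balance_of("treasury"), vault.untracked_surplus()
```

`demo()` returns the surplus stranded after the rebase, the amount skimmed, the recipient's resulting balance, and the surplus left afterwards. Real rebasing tokens can lose a unit or two to integer rounding on share conversion; the amounts here were chosen to divide evenly.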