Adding collateral enabled checks for redemption collections might make users uncapable of redeming their funds. #930
Comments
|
The Ideally we should remove both
I understand your concerns but this issue is more about centralization risks. We'll gradually move to removing unnecessary safety checks. I would move this issue to some metatask like "centralization risks" which would have issues like:
|
|
I agree with you, although from my point of view even if they work the same way they should be considered as two different mechanisms. From a security perspective, the pool will be protected by directly pausing redeems. But yes I get your point, and probably this won't be a problem for a long time until a collateral needs to be disabled , so I also agree that it could be handled as a centralization risk task and if needed then add it as a new feature. |
[MEDIUM] - Adding collateral enabled checks for redemption collections might make users uncapable of redeming their funds.
This PR is intended to fix the bug described in this Sherlock issue. However, the Sherlock report is actually wrong and the vulnerability described must not be considered as an issue in the first place, so the collateralEnabled check should not be added on collecting redemptions.
Enabling/disabling collaterals allows the protocol to add or remove supported collaterals, not to be used under uncertain situations, such as a hack. In such type of situations, the
isRedeemPausedcheck can be enabled to prevent users from redeeming if something wrong is currently happening.The problem with adding the
collateralEnabledcheck here is that if Ubiquity decides to disable a collateral in the future, some redemptions might be already queued, so users won't be able to withdraw their funds.Recommendation: Remove the
collateralEnabledcheck for collecting redemptions.Originally posted by @0xadrii in #894 (comment)
The text was updated successfully, but these errors were encountered: