simon135
high
2 cases: 1. If an attacker can get the contract to be blocked from interacting with usdc ,usdc will be stuck in the contract. 2. Attacker front runs bob's(victim) redeem tx by blocking bob from using usdc then the usdc will be stuck in the contract.
ex:
Alice(Attacker) does something malicious with address(this) the prep contract
which then when a user wants to rebalance or transfer funds to insurance it will revert, making the whole Depository useless
A Malicious user can cause funds to be stuck in the contract. Since perp using usdc this can easily happen and the protocol won't work it will dos everyone and it will be very easy for users to lose funds.
The attacker does the same for the depository and nobody will be able to use usdc with minting
collateral.transferFrom(
account,
depository,
assetAmount
);_redeem()
an attacker can front-run the intermediary address and block it from receiving usdc.
// _redeem() function
IERC20(redeemParams.assetToken).transfer(redeemParams.intermediary, amountOut);the owner cant deposit funds to cover the funding rate and the fund will be liquidated
IERC20(insuranceToken()).transferFrom(from, address(this), amount);perp contract, users wont be able to rebalance the position
if (shortFall > 0) {
IERC20(quoteToken).transferFrom(
account,
address(this),
uint256(shortFall)
);
} else if (shortFall < 0) {
// we got excess tokens in the spot swap. Send them to the account paying for rebalance
IERC20(quoteToken).transfer(
account,
_abs(shortFall)
);
}
Manual Review
Instead of sending tokens directly to the contract or user consider storing the number of tokens in variables and having a role or a user claim it with a different address. Also, add an owner function to take out stuck funds