keccak123
medium
The UXD protocol is designed to work on multiple chains. It is possible to bridge UXD tokens across chains because they inherit the OFT token standard. A user could drain the UXD protocol asset holdings on one chain using UXD minted on a different chain, which would cause a denial of service for redemptions on that chain until new deposits take place.
The UXD protocol is designed for multiple chains and the UXD token can be bridged using Layer Zero because UXD uses the OFT token standard. UXD tokens minted on Optimism can be redeemed on Arbitrum and vice versa. If a large number of tokens are minted on Arbitrum, bridged to Optimism, and redeemed for the underlying assets, the result could be that UXD holds no more assets on Optimism. This would result in a net negative because users who want to redeem would individually have to bridge to arbitrum to redeem (many bridging fees) while the user that bridged the large amount to drain the Optimism assets only had to bridge their large amount once (one bridging fee).
The core problem is that UXD tokens can move across chains, but the UXD assets or collateral cannot and there is no disincentive in place to prevent draining on one chain.
An overflow would result in one or more functions in PerpDepository returning incorrect values
This line could be at risk of an overflow https://github.com/sherlock-audit/2023-01-uxd/blob/main/contracts/integrations/perp/PerpDepository.sol#L430
Manual Review
Add an incentive for arbitragers to deposit to UXD when the vault holdings are below a certain level relative to the total supply of UXD tokens minted. A different way to incentivize preventing a denial of service is to increase the redemption fees when the assets in UXD fall below a certain level relative to the total supply of UXD tokens minted.