DittoETH

Ditto
DeFi, Foundry, Oracle
55,000 USDC
Submission Details
Severity: medium
Invalid

Irreversible Market Shutdown with No Reactivation Mechanism

Summary

The protocol currently allows for the shutdown of a market through the shutdownMarket() function but lacks a mechanism to reactivate a market once it has been shut down. Given that cUSD will be the only market at the protocol's launch, an irreversible shutdown renders the entire protocol unusable. This issue is further exacerbated by the previously identified vulnerability described in the finding "Incorrect Collateral Ratio Check in shutdownMarket()", which allows a malicious actor to shut down a healthy market.

Vulnerability Details

The protocol provides a shutdownMarket() function to halt market activities if certain conditions are met, such as low collateral ratios. However, the protocol does not offer a corresponding function to restore or reactivate a market once it has been deactivated. This becomes especially critical when combined with the previously discovered vulnerability, where a malicious actor can shut down a healthy market due to an incorrect collateral ratio check.

Impact

  • Irreversible Protocol Shutdown: In the absence of a mechanism to reactivate markets, a shutdown would make the entire protocol inoperable, especially since cUSD will be the only initial asset.

  • Loss of Trust and Adoption: The inability to restore a deactivated market could result in a significant loss of user trust and potential abandonment of the protocol.

  • Financial and Operational Risks: Users and the protocol itself are exposed to significant financial and operational risks, especially if the market is maliciously shut down while still healthy.

Recommendations

Implement Market Reactivation Function: Introduce a secure, access-controlled mechanism to reactivate markets that have been shut down.
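
An added sketch of the recommendation above, not part of the submission and not DittoETH code: a permissionless shutdown paired with an owner-gated reactivation that also requires the collateral ratio to have recovered. Every identifier except shutdownMarket() is hypothetical, and the stored cRatio is a stand-in for however the protocol computes it.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Added illustration only; not DittoETH code. All names except shutdownMarket()
// are hypothetical, and the collateral-ratio source is a stand-in.
contract MarketLifecycleSketch {
    enum Status { Active, Shutdown }

    address public immutable owner;             // assumed governance or timelock address
    uint256 public immutable minCRatio;         // assumed shutdown threshold, 1e18 = 100%
    mapping(address => Status) public status;   // per-asset market state
    mapping(address => uint256) public cRatio;  // stand-in for the protocol's computed ratio
    event MarketShutdown(address indexed asset, uint256 cRatio);
    event MarketReactivated(address indexed asset, uint256 cRatio);
    error NotOwner();
    error WrongStatus();
    error RatioAboveThreshold();
    error RatioStillTooLow();

    constructor(uint256 _minCRatio) {
        owner = msg.sender;
        minCRatio = _minCRatio;
    }

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    // Stand-in setter so the sketch is self-contained; a real system derives this on-chain.
    function setCRatio(address asset, uint256 ratio) external onlyOwner {
        cRatio[asset] = ratio;
    }

    // Permissionless shutdown, allowed only while the market is below the threshold.
    function shutdownMarket(address asset) external {
        if (status[asset] != Status.Active) revert WrongStatus();
        if (cRatio[asset] >= minCRatio) revert RatioAboveThreshold();
        status[asset] = Status.Shutdown;
        emit MarketShutdown(asset, cRatio[asset]);
    }

    // Privileged reactivation: only the owner, and only once the ratio has recovered.
    function reactivateMarket(address asset) external onlyOwner {
        if (status[asset] != Status.Shutdown) revert WrongStatus();
        if (cRatio[asset] < minCRatio) revert RatioStillTooLow();
        status[asset] = Status.Active;
        emit MarketReactivated(asset, cRatio[asset]);
    }
}
```

The two events give monitoring a clear signal for every state change, so an unexpected shutdown or reactivation can be alerted on.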

Updates

Lead Judging Commences

0xnevi Lead Judge
about 2 years ago
Submission Judgement Published
Invalidated
Reason: Other
