DittoETH

Ditto
DeFi, Foundry, Oracle
55,000 USDC
Submission Details
Severity: low
Invalid

Allocating extra Ditto rewards to people with lower collateralization ratios gives a disproportionate voice in governance to risk takers

Summary

People with lower collateralization ratios are allocated relatively more Ditto tokens compared to those with higher collateralization ratios. Over time this gives an outsize voice in governance to people who are risk takers compared to those who are cautious.

Vulnerability Details

See the second-to-last else statement (after the note "Reduce amount of yield credited for ditto rewards proportional to CR"):

function _distributeYield(address asset)
    private
    onlyValidAsset(asset)
    returns (uint88 yield, uint256 dittoYieldShares)
{
    uint256 vault = s.asset[asset].vault;
    // Last updated zethYieldRate for this vault
    uint80 zethYieldRate = s.vault[vault].zethYieldRate;
    // Protocol time
    uint256 timestamp = LibOrders.getOffsetTimeHours();
    // Last saved oracle price
    uint256 oraclePrice = LibOracle.getPrice(asset);
    // CR of shortRecord collateralized at initialMargin for this asset
    uint256 initialCR = LibAsset.initialMargin(asset) + 1 ether;
    // Retrieve first non-HEAD short
    uint8 id = s.shortRecords[asset][msg.sender][Constants.HEAD].nextId;
    // Loop through all shorter's shorts of this asset
    while (true) {
        // One short of one shorter in this market
        STypes.ShortRecord storage short = s.shortRecords[asset][msg.sender][id];
        // To prevent flash loans or loans where they want to deposit to claim yield immediately
        bool isNotRecentlyModified =
            timestamp - short.updatedAt > Constants.YIELD_DELAY_HOURS;
        // Check for cancelled short
        if (short.status != SR.Cancelled && isNotRecentlyModified) {
            uint88 shortYield =
                short.collateral.mulU88(zethYieldRate - short.zethYieldRate);
            // Yield earned by this short
            yield += shortYield;
            // Update zethYieldRate for this short
            short.zethYieldRate = zethYieldRate;
            // Calculate CR to modify ditto rewards
            uint256 cRatio = short.getCollateralRatioSpotPrice(oraclePrice);
            if (cRatio <= initialCR) {
                dittoYieldShares += shortYield;
            } else {
                // Reduce amount of yield credited for ditto rewards proportional to CR
                dittoYieldShares += shortYield.mul(initialCR).div(cRatio);
            }
        }
        // Move to next short unless this is the last one
        if (short.nextId > Constants.HEAD) {
            id = short.nextId;
        } else {
            break;
        }
    }
}

Impact

Governance could lean toward making risky decisions about the direction of the protocol after the DAO takes over managing it. Theoretically this could even be a risk to the future of the protocol itself. DeFi already tends to attract risk takers, so if anything you might want to give a stronger voice to people who are cautious. The lessened rewards to people with higher collateralization ratios may already dissuade cautious people from participating on the platform at all.

Tools Used

Manual review

Recommendations

Don't reduce Ditto rewards to people with higher collateralization ratios. Remove the if and else statements after "// Calculate CR to modify ditto rewards".
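
The weighting in the quoted _distributeYield loop, modelled off-chain as an added example (it is not part of the submission or of the DittoETH code base). The collateral-ratio formula (collateral / (debt * price)), the truncating fixed-point rounding, and every sample value in demo() are assumptions.

```python
from dataclasses import dataclass

WAD = 10**18  # 18-decimal fixed point, i.e. "1 ether" in the Solidity above


def wmul(a, b):
    return a * b // WAD  # truncating; the on-chain math library's rounding may differ


def wdiv(a, b):
    return a * WAD // b


@dataclass
class Short:
    collateral: int   # zETH collateral, WAD
    erc_debt: int     # minted asset owed, WAD
    yield_rate: int   # short.zethYieldRate at the last claim
    updated_at: int   # protocol time in hours
    cancelled: bool = False


def distribute_yield(shorts, vault_rate, price, initial_margin, now, delay_hours):
    """Return (yield, dittoYieldShares) for one shorter's list of shorts."""
    initial_cr = initial_margin + WAD
    total_yield = shares = 0
    for s in shorts:
        if s.cancelled or now - s.updated_at <= delay_hours:
            continue  # cancelled or recently modified shorts are skipped
        short_yield = wmul(s.collateral, vault_rate - s.yield_rate)
        total_yield += short_yield
        s.yield_rate = vault_rate
        # Assumed CR formula: collateral / (debt * price)
        c_ratio = wdiv(s.collateral, wmul(s.erc_debt, price))
        if c_ratio <= initial_cr:
            shares += short_yield
        else:  # shares scaled down by initialCR / cRatio
            shares += wdiv(wmul(short_yield, initial_cr), c_ratio)
    return total_yield, shares


def demo():
    # Constructed values: price 0.0005 ETH per asset unit, initialCR = 5.0, 1h delay
    args = dict(vault_rate=10**16, price=5 * 10**14, initial_margin=4 * WAD,
                now=100, delay_hours=1)
    at_margin = [Short(10 * WAD, 4000 * WAD, 0, 0)]  # CR = 5.0
    cautious = [Short(10 * WAD, 2000 * WAD, 0, 0)]   # CR = 10.0
    return distribute_yield(at_margin, **args), distribute_yield(cautious, **args)
```

Both positions hold the same collateral and earn the same yield, but the short at twice the initial CR is credited half the dittoYieldShares.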

Updates

Lead Judging Commences

0xnevi Lead Judge
almost 2 years ago
Submission Judgement Published
Invalidated
Reason: Other
