Zaros Part 2
Perpetuals DEX, Foundry, Solidity
70,000 USDC
Submission Details
Severity: medium
Valid

`distributeProtocolAssetReward` can DOS the protocol

Summary

The distributeProtocolAssetReward function is designed to distribute protocol rewards to fee recipients. However, a critical issue arises when rewards are distributed in USDC inside _convertAssetsToUsdc and _convertUsdcToAssets, both of which settleVaultsDebt invokes depending on the vault's state: if any fee recipient is blacklisted, the USDC transfer to that recipient reverts, so distributeProtocolAssetReward reverts and settleVaultsDebt reverts with it, causing a denial-of-service (DoS) condition for the protocol.

Vulnerability Details

Consider the following scenario:

  1. A keeper calls the settleVaultsDebt function.

  2. The distributeProtocolAssetReward function is triggered, attempting to distribute rewards in USDC.

  3. One of the fee recipients is blacklisted and cannot receive USDC rewards.

  4. As a result, distributeProtocolAssetReward reverts, preventing the keeper from successfully executing settleVaultsDebt.

This issue stems from the protocol's reliance on a "push" mechanism for reward distribution, where rewards are directly sent to recipients. If any recipient is blacklisted, the entire transaction fails, halting the settlement process.

Impact

The vulnerability leads to a protocol-wide DOS condition. Until the blacklisted fee recipient is removed by the owner, the settleVaultsDebt function cannot be executed. Consequently, the protocol is unable to settle vault debts or credits, disrupting normal operations and potentially causing financial losses or inefficiencies.

Tools Used

Manual review

Recommendations

To mitigate this vulnerability, the protocol should adopt a pull-over-push mechanism for reward distribution. Instead of directly sending rewards to fee recipients, the protocol should:

  1. Store Rewards in a Separate Contract or Variable: Accumulate rewards in a designated storage variable or contract for each fee recipient.

  2. Implement a Withdrawal Function: Allow fee recipients to withdraw their rewards at their discretion via a dedicated function (e.g., withdrawRewards).

  3. Handle Blacklisted Recipients Gracefully: If a recipient is blacklisted, their rewards can remain in the protocol until they are no longer blacklisted or until the owner manually intervenes.
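The following Solidity file is an added illustration written for this report; it is not Zaros code and uses its own simplified names (MockBlacklistToken, PushDistributor, PullDistributor, pendingRewards, withdrawRewards, Scenario) and equal-share accounting as constructed assumptions. It places the push pattern from the scenario above next to the pull-over-push pattern recommended in the three steps: the push distributor reverts as a whole when one recipient is blacklisted, while the pull distributor only books each recipient's share and lets each recipient withdraw separately, so a blacklisted recipient's balance simply stays in the contract.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal ERC-20 surface used by both distributors.
interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
    function balanceOf(address account) external view returns (uint256);
}

// Constructed mock of a USDC-like token with a blacklist: any transfer
// to or from a blacklisted address reverts.
contract MockBlacklistToken is IERC20 {
    mapping(address => uint256) public override balanceOf;
    mapping(address => bool) public blacklisted;
    address public immutable admin;

    constructor() { admin = msg.sender; }
    function mint(address to, uint256 amount) external { balanceOf[to] += amount; }
    function setBlacklisted(address account, bool value) external {
        require(msg.sender == admin, "not admin");
        blacklisted[account] = value;
    }
    function transfer(address to, uint256 amount) external override returns (bool) {
        require(!blacklisted[msg.sender] && !blacklisted[to], "blacklisted");
        balanceOf[msg.sender] -= amount;
        balanceOf[to] += amount;
        return true;
    }
}

// Push pattern (the shape the finding describes): a single failing transfer
// reverts the whole call, so every caller of distribute() is blocked.
contract PushDistributor {
    IERC20 public immutable usdc;
    address[] public recipients; // fee recipients, equal shares for brevity

    constructor(IERC20 _usdc, address[] memory _recipients) {
        require(_recipients.length > 0, "no recipients");
        usdc = _usdc;
        recipients = _recipients;
    }

    function distribute(uint256 amount) external {
        uint256 share = amount / recipients.length;
        for (uint256 i = 0; i < recipients.length; i++) {
            // Reverts for a blacklisted recipient and takes the whole call down.
            require(usdc.transfer(recipients[i], share), "transfer failed");
        }
    }
}

// Pull pattern (the recommendation): distribute() only books each share in
// storage; tokens leave the contract only when a recipient withdraws.
contract PullDistributor {
    IERC20 public immutable usdc;
    address[] public recipients;
    mapping(address => uint256) public pendingRewards; // step 1: per-recipient accrual

    event RewardsAccrued(address indexed recipient, uint256 amount);
    event RewardsWithdrawn(address indexed recipient, uint256 amount);

    constructor(IERC20 _usdc, address[] memory _recipients) {
        require(_recipients.length > 0, "no recipients");
        usdc = _usdc;
        recipients = _recipients;
    }

    function distribute(uint256 amount) external {
        uint256 share = amount / recipients.length;
        for (uint256 i = 0; i < recipients.length; i++) {
            pendingRewards[recipients[i]] += share; // no external call: cannot revert on a blacklist
            emit RewardsAccrued(recipients[i], share);
        }
    }

    // Step 2: each recipient pulls its own balance; a blacklisted recipient's
    // call reverts without affecting anyone else (step 3).
    function withdrawRewards() external {
        uint256 amount = pendingRewards[msg.sender];
        require(amount > 0, "nothing to withdraw");
        pendingRewards[msg.sender] = 0; // effects before interaction
        require(usdc.transfer(msg.sender, amount), "transfer failed");
        emit RewardsWithdrawn(msg.sender, amount);
    }
}

// Constructed scenario: two recipients, the second one blacklisted.
// Expected result: pushBlocked == true, pullBooked == true.
contract Scenario {
    function run() external returns (bool pushBlocked, bool pullBooked) {
        MockBlacklistToken token = new MockBlacklistToken();
        address[] memory recips = new address[](2);
        recips[0] = address(0xA11CE);
        recips[1] = address(0xB0B);
        PushDistributor push = new PushDistributor(token, recips);
        PullDistributor pull = new PullDistributor(token, recips);
        token.mint(address(push), 100e6);
        token.mint(address(pull), 100e6);
        token.setBlacklisted(recips[1], true);

        try push.distribute(100e6) { pushBlocked = false; } catch { pushBlocked = true; }
        pull.distribute(100e6); // succeeds: nothing is transferred yet
        pullBooked = pull.pendingRewards(recips[0]) == 50e6
            && pull.pendingRewards(recips[1]) == 50e6;
    }
}
```

Deploy Scenario and call run() in any EVM environment (a Foundry script or test works) to see the difference: the push distributor cannot complete while recipient 0xB0B is blacklisted, whereas the pull distributor books both shares, recipient 0xA11CE can withdraw immediately, and 0xB0B's share stays in pendingRewards until the blacklisting is lifted. If the protocol wants an owner escape hatch for the third recommendation, a permissioned function that reassigns a stuck pendingRewards balance can be added without touching the distribution path.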

Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago
Submission Judgement Published
Validated
Assigned finding tags:

A blacklisted fee recipient will DoS the distributeProtocolAssetReward function because there's no way of removing them from the array.
