Omniscia Tren Finance Audit

StabilityPool Manual Review Findings

SPL-01M: Inexistent Protection of Withdrawals (Under-Collateralization)

Description:

The StabilityPool::_withdrawFromSP function permits withdrawals from the stability pool even while an undercollateralized trove exists, which further exacerbates the system's unhealthy state.

Impact:

As long as withdrawals are permitted while undercollateralized Tren boxes exist, the system is unlikely to recover from such an unhealthy state.

Example:

contracts/StabilityPool.sol
/**
 * @dev Withdraws debt tokens from the stability pool.
 * @param _amount The amount of debt tokens to withdraw
 * @param _assets The array of collateral assets to be claimed.
 */
function _withdrawFromSP(
    uint256 _amount,
    address[] calldata _assets
)
    internal
    returns (address[] memory assets, uint256[] memory amounts)
{
    uint256 initialDeposit = deposits[msg.sender];
    _requireUserHasDeposit(initialDeposit);

    _triggerTRENIssuance();

    (assets, amounts) = getDepositorGains(msg.sender, _assets);

    uint256 compoundedDeposit = getCompoundedDebtTokenDeposits(msg.sender);

    uint256 debtTokensToWithdraw = TrenMath._min(_amount, compoundedDeposit);
    uint256 loss = initialDeposit - compoundedDeposit; // Needed only for event log

    // First pay out any TREN gains
    _payOutTRENGains(msg.sender);
    _sendToDepositor(msg.sender, debtTokensToWithdraw);

    // Update deposit
    uint256 newDeposit = compoundedDeposit - debtTokensToWithdraw;
    _updateDepositAndSnapshots(msg.sender, newDeposit);
    emit UserDepositChanged(msg.sender, newDeposit);

    emit GainsWithdrawn(msg.sender, assets, amounts, loss); // loss required for event log
}

Recommendation:

We advise re-imposing the restriction, ensuring that withdrawals are prevented whilst Tren box collateralization is unstable.
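
One possible shape for such a restriction, as an added sketch that is not Tren Finance's or the auditor's code. The interfaces ISortedBoxes, IBoxManager and IRiskParams, their functions, and the WithdrawalGuard contract are hypothetical stand-ins; it assumes boxes are kept sorted by collateral ratio per asset and that each asset has a minimum collateral ratio (MCR).

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example: all interfaces and names are hypothetical, not Tren's actual API.
interface ISortedBoxes {
    // Assumed sorted by descending ICR, so the last box is the riskiest one.
    function getLast(address asset) external view returns (address);
}
interface IBoxManager {
    function getCurrentICR(address asset, address borrower, uint256 price)
        external view returns (uint256);
}
interface IRiskParams {
    function getMcr(address asset) external view returns (uint256);
    function getPrice(address asset) external view returns (uint256);
}

abstract contract WithdrawalGuard {
    ISortedBoxes internal immutable sortedBoxes;
    IBoxManager internal immutable boxManager;
    IRiskParams internal immutable riskParams;

    error UnderCollateralizedBoxExists(address asset, address borrower, uint256 icr, uint256 mcr);

    constructor(ISortedBoxes _sorted, IBoxManager _manager, IRiskParams _params) {
        sortedBoxes = _sorted;
        boxManager = _manager;
        riskParams = _params;
    }

    /// Reverts if the riskiest box of any listed collateral is below its MCR.
    /// `_collaterals` must be the system's full collateral list, never the
    /// caller-supplied `_assets`, or an empty array would skip the check.
    function _requireNoUnderCollateralizedBoxes(address[] memory _collaterals) internal view {
        for (uint256 i = 0; i < _collaterals.length; ++i) {
            address asset = _collaterals[i];
            address riskiest = sortedBoxes.getLast(asset);
            if (riskiest == address(0)) continue; // no open boxes for this asset
            uint256 icr = boxManager.getCurrentICR(asset, riskiest, riskParams.getPrice(asset));
            uint256 mcr = riskParams.getMcr(asset);
            if (icr < mcr) revert UnderCollateralizedBoxExists(asset, riskiest, icr, mcr);
        }
    }

    /// Intended as the first statement of the withdrawal path. A zero-amount call
    /// (gains claim only) sends no debt tokens out of the pool, so it is not blocked.
    function _guardWithdrawal(uint256 _amount, address[] memory _collaterals) internal view {
        if (_amount != 0) _requireNoUnderCollateralizedBoxes(_collaterals);
    }
}
```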

Alleviation (f6f1ad0b8f):

The Tren Finance team opted to impose a 7-day withdrawal restriction instead, which does not address the original issue and hinders usability of the system.

We advise imposing a proper undercollateralization restriction instead, ensuring that users are unable to withdraw when the system is in an unhealthy state.

Alleviation (73b9546eb9):

The Tren Finance team re-evaluated this exhibit and opted to acknowledge it, as they believe the 7-day restriction system is appropriate and will let them take action if needed in case the system has reached a critical state.

As such, we consider this exhibit acknowledged based on the presumption that the Tren Finance team will continuously monitor their protocol and act accordingly.