Return to site
Return to site

Mentorship Series #4

0xfirefirst - Day 3

· Mentorship

We continued the Sukukfi contest on Code4rena, focusing on the ERC7575 vault contract.

Lesson summary:

  • Asked the sponsor what happens on share price chance in the 3 step process:
    • Q: What happens if the share price changes between fulfilling and depositing(claiming)
    • A: The protocol never promised the shares would maintain value! If the price drops between fulfillment and deposit, user loses, and vice versa. The user still gets the amount of shares which were promised to him at fulfilling.
  • Scenario: 50% loss via adjustrBalance - mechanism to track accounting losses:
    • Before: USDC.balanceOf(investmentVault) = 1M (physical tokens) _rBalances[ShareTokenUpgradeable] = 1M (accounting)
    • After adjustrBalance(1M, 500k): USDC.balanceOf(investmentVault) = 1M (UNCHANGED! Still there!) _rBalances[ShareTokenUpgradeable] = 500k (accounting loss)
    • Withdrawals: Alice can withdraw: ✅ Works (USDC is physically there) Bob can withdraw: ✅ Works (USDC is physically there). Both get paid! No insolvency!
  • Asked the sponsor the point of the 3 step process:
    • Q: Why is there a delay, what's the point of having 3 steps(request, fulfill and claim)?
    • A: It gives the Investment Manager discretion over timing - they can delay fulfilling redemptions during market volatility to avoid forced liquidations at losses, and delay deposits until good investment opportunities exist.
  • Cancel deposit request should only work on Pending requests, not Claimable (already fulfilled) (by the natspec) - OK. When fulfilled, it clears pendingDepositAssets, so cancelling after fulfill will revert with NoPendingCancelDeposit.
  • Can I partially deposit and then request a cancel of my deposit? - No, because again, after fulfillment, it resets pendingDepositAssets and will revert with NoPendingCancelDeposit. What if user has fulfilled deposit, then he deposits again and tries to cancel - will affect only the requested deposit and not touch the already fulfilled one.
  • They have cancel deposit, but not cancel mint, is cancel deposit handling both? - mint is just alternative claiming after fulfillment. No problem.
  • What happens if you request --> cancel --> request again --> cancel again, does it work? - it will work, because of the steps. User can have only one cancellation at a time.
  • Deposit, cancel, deposit again before it's canceled? Can I? - No, users can have only one cancellation at a time.
  • Trusted entity calls - check if something gets wrong if they get front-runned(always think someone is watching)
Subscribe
PreviousNext
Cookie Use
We use cookies to improve browsing experience, security, and data collection. By accepting, you agree to the use of cookies for advertising and analytics. You can change your cookie settings at any time. Learn More
Accept all
Settings
Decline All
Cookie Settings
Necessary Cookies
These cookies enable core functionality such as security, network management, and accessibility. These cookies can’t be switched off.
Analytics Cookies
These cookies help us better understand how visitors interact with our website and help us discover errors.
Preferences Cookies
These cookies allow the website to remember choices you've made to provide enhanced functionality and personalization.
Save