#45517 [SC-Insight] Partial Documentation for Self-Close Exit Fee Handling and Redemption Workflow in 'CollateralPool.sol'

Submitted on May 16th 2025 at 00:33:39 UTC by @rusalka711 for Audit Comp | Flare | FAssets

  • Report ID: #45517

  • Report Type: Smart Contract

  • Report severity: Insight

  • Target: https://github.com/flare-foundation/fassets/blob/main/contracts/assetManager/implementation/CollateralPool.sol

  • Impacts:

Description

Brief/Intro

The _selfCloseExitTo and fAssetRequiredForSelfCloseExit functions lack critical explanations of their redemption logic, fee lifecycle management, and parameter constraints. Missing documentation increases the risk of user errors during self-close exits and complicates protocol maintenance.


Vulnerability Details

A. Undocumented Parameters

  1. _redeemToCollateral:

    • No explanation of when/why to use direct collateral redemption vs. standard chain redemption.

  2. _redeemerUnderlyingAddress:

    • Missing examples (e.g., BTC/XRP address formats) and validation requirements.

  3. _executor:

    • Unclear role (e.g., receives fees for manual redemptions on non-smart contract chains).

B. Fee Lifecycle Ambiguity

  1. Fee Debt Conversion:

    • No context on how this affects future fee withdrawals or user balances.

  2. Allowance Checks:

    • Fails to specify that transferFee is paid by the user, not the contract.

C. Collateral Ratio Logic

  1. _getFAssetRequiredToNotSpoilCR:

    • No documentation of its formula or impact on pool solvency.

  2. Agent Redemption Limits:

    • Undefined consequences of maxAgentRedemption < requiredFAssets (e.g., partial exits).

D. Event Emissions

  1. IncompleteSelfCloseExit:

    • No explanation of when/why this event is emitted.

  2. Exited Parameters:

    • Undocumented fields (e.g., spentFAssetFees vs. requiredFAssets).


Impact Details

Category: Documentation Improvements Insight

Impact Analysis:

  • No Direct Exploit: The code operates correctly as written.

  • Operational Risks:

    1. Insufficient Allowances: Users may underestimate transferFee, causing transaction reverts.

    2. Collateral Misconfigurations: Misunderstanding _redeemToCollateral could lead to failed redemptions.

    3. Accounting Errors: Poorly tracked fee debt may cause incorrect user balance calculations.


References

  • Code File: CollateralPool.sol (Lines 312–412).

  • Key Functions:

    • _selfCloseExitTo

    • fAssetRequiredForSelfCloseExit

  • Critical Parameters:

    • _redeemToCollateral

    • _redeemerUnderlyingAddress

    • _executor

Proof of Concept

1. _selfCloseExitTo Function Documentation

Location: Insert above the _selfCloseExitTo function. Code:


2. fAssetRequiredForSelfCloseExit Function Documentation

Location: Insert above the fAssetRequiredForSelfCloseExit function. Code:


3. Inline Comment for _redeemerUnderlyingAddress

Location: Insert above the _redeemerUnderlyingAddress parameter usage (inside _selfCloseExitTo). Code:


4. Event Emission Comment

Location: Insert above the emit IncompleteSelfCloseExit line. Code:


5. Parameter Validation Comment

Location: Insert above the requiredFAssets < assetManager.lotSize() check. Code:


Summary of Changes

| Code Section | Documentation Added |
| --- | --- |
| _selfCloseExitTo | NatSpec for parameters, collateral checks, agent limits, and fee logic. |
| fAssetRequiredForSelfCloseExit | Formula explanation and edge-case handling. |
| _redeemerUnderlyingAddress | Example address formats for clarity. |
| IncompleteSelfCloseExit | Context for partial exits due to agent limits. |
| requiredFAssets check | Clarifies _redeemToCollateral usage for small amounts. |


Result

These comments:

  1. Prevent User Errors: Clarify redemption paths, fee allowances, and address formats.

  2. Improve Auditability: Document formulas and edge cases for critical logic.

  3. Enhance Maintainability: Explain parameter interactions and event triggers.
