Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

A Vault owner can allocate 100% of tokens to one action #10

Open
andreiashu opened this issue Jul 30, 2021 · 0 comments
Open

A Vault owner can allocate 100% of tokens to one action #10

andreiashu opened this issue Jul 30, 2021 · 0 comments
Labels
Medium Report

Comments

@andreiashu
Copy link
Member

andreiashu commented Jul 30, 2021
edited
Loading

Description

A Vault owner can call rollOver function in order to distribute the funds to the actions. The _allocationPercentages argument deals with how much each action should have allocated as a percentage of the available funds in the Vault:

https://github.com/monoceros-alpha/review-opyn-perp-vault-templates-2021-07/blob/d94fcb2e2173008272604705a9fc618710349462/code/contracts/core/OpynPerpVault.sol#L336-L341

The _distribute function is responsible for ensuring that each action has allocated its respective share of funds:

https://github.com/monoceros-alpha/review-opyn-perp-vault-templates-2021-07/blob/d94fcb2e2173008272604705a9fc618710349462/code/contracts/core/OpynPerpVault.sol#L434-L443

The issue is that there is no restriction about a maximum or minimum percentage allocation per action. This means that an owner can allocate 100% to only one action, irrespective of how many actions have been defined in the Vault.

This makes a Vault less transparent for its potential users since ultimately the owner can decide to allocate all the funds to only one (highly risky) action.

Recommendation

In order to reduce the amount of trust that a user needs to place in a Vault owner, a minActionAllocationPercentage parameter should be added to the contract. It can be specified in the init function, along with the other Vault parameters. Once set this action should not be allowed to change (ie. no setter function).

The minActionAllocationPercentage parameter will specify a minimum allocation percentage for each action in the Vault. It will make the behavior of the system more predictable and transparent to its users. Even if set to 0 by the owner, its presence ensures that users know what they are signing up to when depositing assets into the vault.

NB: care should be taken to ensure correct validation of its value during the init stage. For example, having a 34% value for this parameter for a Vault with 3 actions would render the contract unable to allocate funds during rollOver stage.
@andreiashu andreiashu changed the title A Vault owner can allocate 100% to one action A Vault owner can allocate 100% of tokens to one action Jul 30, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Medium Report
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@andreiashu