You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We are strongly considering removing the redeem fee from OETH, moving to the only asset being WETH, and removing all oracles.
In the past, the redeem fee has provided an extra layer of protection on the protocol because any looping of minting -> doing stuff-> redeeming incurs the redeem fee cost. This erases any small profits from any calculation errors, and makes attacks requiring huge amounts of impractical unless they clear a profit threshold that gets higher the more funds are used.
We want to ensure that removing redeem fees do not result in anything that's exploitable for more than just a minimal rounding error.
There's at least two categories of attacks to consider:
Attacks that steal principal by minting / doing some stuff / redeeming.
Attacks that steal yield by minting before a rebase, then rebasing the protocol, then redeeming.
Maybe there's some kind of attack that works by redeeming first, then doing stuff, then minting? Maybe there's something with donations?
The text was updated successfully, but these errors were encountered:
We are strongly considering removing the redeem fee from OETH, moving to the only asset being WETH, and removing all oracles.
In the past, the redeem fee has provided an extra layer of protection on the protocol because any looping of minting -> doing stuff-> redeeming incurs the redeem fee cost. This erases any small profits from any calculation errors, and makes attacks requiring huge amounts of impractical unless they clear a profit threshold that gets higher the more funds are used.
We want to ensure that removing redeem fees do not result in anything that's exploitable for more than just a minimal rounding error.
There's at least two categories of attacks to consider:
Maybe there's some kind of attack that works by redeeming first, then doing stuff, then minting? Maybe there's something with donations?
The text was updated successfully, but these errors were encountered: