The following branch in the oracle's code ```solidity! ... } else { // Take the minimum of (market, canonical) in order to mitigate against upward market price manipulation price = LiquityMath._min(sUsdeUsdPrice, canonicalPrice); } ``` still allows for profitable redemptions in the case where the canonical sUSDe price (i.e., the ERC-4626 vault's exchange rate) diverges from the sUSDe market price comming from chainlink. This implicitly means that the code is willing to offer the best possible price for redemptions, since when the collateral is priced lower a given amount of BOLD to be reedemed will yield more collateral. sUSDe being implemented as an ERC-4626 vault means that the sUSDe's worth in USDe terms is calculated as ```solidity! function totalAssets() public view virtual override returns (uint256) { return _asset.balanceOf(address(this)); } ... function _convertToAssets(uint256 shares, Math.Rounding rounding) internal view virtual returns (uint256) { return shares.mulDiv(totalAssets() + 1, totalSupply() + 10 ** _decimalsOffset(), rounding); } ``` Without loss of generality, we can disregard about OZ's implementation of virtual shares and define the sUSDe rate as $$ \frac{USDe}{sUSDe} $$ Because $USDe$ is determined by the contract's balance, this means that direct transfers to the sUSDe contract can inflate the exchange rate. --- With all these, we are interested in determining whether a user can inflate the sUSDe rate and force the code to redeem at a lower price than the current exhange rate. Essentially: 1. The protocol uses the lower price, "selling" sUSDe low 2. The sUSDe contract "buys" sUSDe high So we would like to see if/when this creates a profitable arbitrage cycle --- Without loss of generality, we can assume that sUSDe's market price is close to the exchange rate initialy. That is: $$ p_{USDe}\frac{USDe}{sUSDe} = p_{oracle} $$ For our analysis we assume that $USDe$ isclose enough to 1$ so we assume $$ \frac{USDe}{sUSDe} = p_{oracle} $$ This is a realistic assumption (that simplifies calculations) since sUSDe by definition includes all the tokenized yield that Ethena has accrued through the protocol's revenue streams so it's priced at a price greater than 1$. USDe on the other hand is ideally a stable coin. 1. The user directly transfers $m$ USDe to the sUSDe contract, making the new exchange rate $\frac{USDe + m}{sUSDe}$ 2. The user redeems $B$ BOLD with a redemption price of $p_{oracle}$ since the canonical price has been inflated. We assume the user receives $(1-\phi)B\frac{1}{p_{oracle}}$ sUSDe, where $\phi$ is the corresponding redemption fee. 3. The user redeems all of the received sUSDe at an exchange rate of $\frac{USDe + m}{sUSDe}$ ### Can the cost of inflating the exchange rate can be overcome The redemption remains profitable as long as: $$ \frac{USDe + m}{sUSDe}(1 - \phi)B\frac{1}{p_{oracle}} > m\iff $$ $$ [\frac{USDe}{sUSDe} + \frac{m}{sUSDe}](1 - \phi)B\frac{1}{p_{oracle}} > m\iff $$ $$ [p_{oracle} + \frac{m}{sUSDe}](1 - \phi)B\frac{1}{p_{oracle}} > m\iff $$ $$ (1 - \phi)B + \frac{m}{sUSDe}(1 - \phi)B\frac{1}{p_{oracle}} > m\iff $$ $$ (1 - \phi)B[1 + \frac{m}{sUSDe}\frac{1}{p_{oracle}}] > m\iff $$ $$ (1 - \phi)B[1 + \frac{m}{sUSDe}\frac{sUSDe}{USDe}] > m\iff $$ $$ (1 - \phi)B[1 + \frac{m}{USDe}] > m $$ So given an inflation parameter $m$, we can appropriately choose a BOLD amount $B$ to redeem so that the redemption is still profitable. For most scenarios an appropriately large $B$ such as $B > m$ should suffice ### Can the forced arbitrage can be more profitable for the user compared to a regular redemption for the same amount of BOLD tokens The user walks away with $$ (1 - \phi)B(1 + \frac{m}{sUSDe}\frac{1}{p_{oracle}}) -m $$ USDe as profit from the redemption, but we would like to see whether this profit can be more than what the user would have gotten by redeeming at the regular price and getting USDe out of the sUSDe contract: $$ (1 - \phi)B(1 + \frac{m}{sUSDe}\frac{1}{p_{oracle}}) -m > (1 - \phi)B\frac{1}{p_{oracle}}\frac{USDe}{sUSDe} \iff $$ $$ (1 - \phi)B(1 + \frac{m}{sUSDe}\frac{1}{p_{oracle}}) -m > (1 - \phi)B \iff $$ $$ (1 - \phi)B(1 + \frac{1}{p_{oracle}}\frac{m}{sUSDe} - 1]) -m > 0 \iff $$ $$ (1 - \phi)B(\frac{1}{p_{oracle}}\frac{m}{USDe}) -m > 0 $$ For a fixed $m$, one has to choose an appropriately high $B$ to redeem for the arbitrage to be profitable. Assuming: - 2 billion in USDe locked in sUSDe - $\phi = 0.005$ The attack becomes impractical, since even if $m$ is flash-borrowed so that $\frac{m}{USDe}$ is non-negligible, one cannot find a realistic $B$ and profit.