kiki_dev
medium
rebalance() will revert if ownValue is below threshold and DAI amount is greater than USSD.
In rebalance() there is a if ownVal is below the threshhold then it will enter the if block. In here BuyUSSDSellCollateral() is called and USSDamount - DAIamount / 1e12)/2 is passed in as a parameter. The problem here is that if DAIamount is greater than USSDamount then a underflow will occur and the transaction will revert. DAI amount can become greater than ussd through the natural progression of the protocol. Or becasue it is a erc20 token and DAIamount is retrieved by getting the direct balance of DAI a user can just send DAI to the contract and force it to revert for all other users.
uint256 vol2 = IERC20Upgradeable(uniPool.token1()).balanceOf(address(uniPool));
Here is the math to support the function reverting.
(USSDamount - DAIamount / 1e12)/2
(1e6 - 2e18 / 1e12) / 2
(1e6 - 2e6) / 2
(-1e6) / 2 <----- underflow, transaction will revert.
The same can be said for when USSD is greater than DAI and rebalance() enters the else block.
rebalance() will revert and prevent the protocol from working.
Manual Review
Have a check in place to checks if DAI is greater and if it is use a work around to prevent the functionality from breaking.