15 matches found
Users can avoid liquidation by splitting their positions into smaller ones
Lines of code Vulnerability details Impact Bad debt creation, as the total sum of positions could yield a significant underwater position, but they would likely not be liquidated as it wouldn't compensate liquidators. Proof of Concept A recent, random transaction on Mantle shows a gas fee of 0.47...
Small positions are allowed in the system that are not profitable for liquidators
Lines of code Vulnerability details Proof of Concept When someone borrows, he can borrow any asset amount that he would like. In the end, the function will check that the position is healthy, which means that the user has enough collateral to cover the borrowed amount. The problem is that this functi...
Incorrect parameter for getCallerReward might return 0 reward despite insolvency
Lines of code Vulnerability details Impact The calculation of the caller reward uses an incorrect value. If the exchangeRate remains the same but a lot of interest accrues, then there will be no liquidation reward. Without a liquidation reward borrowing positions will not get liquidated and incur...
Bad debt bidders’ funds are locked forever when Shortfall address is changed during ongoing debt auction
Lines of code Vulnerability details Vulnerability Details When the protocol accrues bad debt, it can be auctioned off to anyone who is willing to pay. Each user wanting to participate in the auction has to lock their bid in the Shortfall contract: function placeBid(address comptroller, uint256 bidBps...
totalBorrows is not deducted properly when Comptroller#healAccount is called
Lines of code Vulnerability details Impact TotalBorrowed in VToken is not accounted properly when healAccount is called. Proof of Concept Comptroller#healAccount intends to forgive the debt of the account if the debt goes far too underwater. When that happens, the collateral is seized, some of the...
Malicious actor can win auction unfavorably to the protocol by block stuffing
Lines of code Vulnerability details Vulnerability Details The protocol’s bad debt is auctioned off with a 10% incentive at the beginning. The user who gives the best bid wins. The auction ends when at least one account has placed a bid and the current block number is bigger than nextBidderBlockLimit:...
Improper Management of Critical Market Condition
Lines of code Vulnerability details Impact The BorrowerOperations::requireValidAdjustmentInCurrentMode validation function will apply a weak level of validation, causing the system to magnify its critical market conditions when in recovery mode. In detail, both...
Liquidation bots are needed to stabilize the system.
Lines of code Vulnerability details Impact Allowing liquidation bots to arbitrage would stabilize the system. The majority of liquidations are done by liquidation bots. For liquidation bots to be viable there has to exist a secondary market where the assets can be instantly sold. This is especial...
Users may be liquidated right after taking maximal debt
Lines of code Vulnerability details Impact Since there's no gap between the maximal LTV and the liquidation LTV, user positions may be liquidated as soon as maximal debt is taken, without leaving room for collateral and Papr token price fluctuations. Users have no chance to add more collateral o...
Bad debt will likely incur when multiple NFTs are liquidated.
Lines of code Vulnerability details Description getUserBalanceForERC721 in GenericLogic gets the value of a user's specific ERC721 xToken. It is later used for determining the account's health factor. In case isAtomicPrice is false such as in ape NTokens, price is calculated using: uint256...
Pausing can cause serious bad debt since debt can't be liquidated.
Lines of code Vulnerability details Impact Pausing can cause serious bad debt since debt can't be liquidated. For example, if 1 UST is used as collateral to borrow 0.7 USDT (30% safety). Then UST crashed and Chainlink stopped working. You are left with no choice but to pause the contract. After that UST...
There is no method to unignore any ignored pair.
Lines of code Vulnerability details Impact The Witch contract uses setIgnoredPair function to prevent the liquidation of accepted pairs on the governance level. However, there is no method to remove these pairs from the ignoredPairs mapping. Proof of Concept Imagine there are vaults with UST/fyUS...
After debt seizure from InsuranceFund, user can dilute all past participants.
Lines of code Vulnerability details Impact A user can get a much larger portion of the pool as it recovers from a debt seizure. The intent of the insurance pool seems to be that it could recover from a bad debt event. Proof of Concept 1. Alice is the first LP to the insurance pool, and deposits...
One auction at a time would lead to bad debt
Handle jonah1005 Vulnerability details One auction at a time would lead to bad debt Impact The current DutchAuctionLiquidator only allows one auction for a position at a time. This is not a desirable design. If a position is liquidated due to the price movement of collaterals, the position would...
SelfBurn lpToken may create bad debt
Handle jonah1005 Vulnerability details Impact Users can create bad debt by burning their lpToken. Bad debt of the system would increase the utilization rate and hence increase the interest rate of the counterpart token. It would be a reasonable action to burn lp if the user is no longer profitabl...