5 matches found
Users positions can be directly liquidated when the admin changes the collateralFactorMantissa from a higher value to a lower value
Lines of code Vulnerability details Impact In Comptroller contract : Market.collateralFactorMantissa mltiplier represents the maximum underlying asset amount the depositors can borrow against their collateral in a market,for example:if it is set to 0.9;then 90% of collateral value is allowed to b...
More collateral is seized than approved
Lines of code Vulnerability details Impact More collateral is seized outside of the comptroller's approved liquidation amount which means excess seizeTokens are transferred from the borrower to the liquidator leading to loss of funds Proof of Concept liquidateBorrowFresh first checks the allowanc...
Keepers are allowed to use the full EUSD balance of any provider to liquidate funds
Lines of code Vulnerability details Impact Keepers are allowed to use the full EUSD balance of any provider to liquidate funds. Normally, the keeper should only be allowed to use max of the amount that the provider approves to LybraStETHVault. But the check only checks if the provider gives an...
liquidation is vulnerable to sandwich attacks
Lines of code Vulnerability details when an account is liquidated, there is no minimum amount of the swap, which makes it vulnerable for sandwich attacks. Proof of Concept Alice's long position can be liquidated, bob notices it and creates a short position, then liquidates her position, thus...
Liquidated positions can potential have non-zero debts, making users who deposit to the positions suffer from unfair debt
Handle WatchPug Vulnerability details In the current implementation, new borrows will be charged a 0.5% interest right away. Making the borrower be recorded a 100.5% amount of debt. However, when a position got liquidated, the unrealized interest may still remain in the position while the...