3 matches found
USDC blacklisted accounts can DOS the bidding system in Shortfall
Lines of code Vulnerability details Impact Shortfall contract is used to clear off any pool bad debt via auction. If the debt reached its mimimum value, anybody can start off the auction and place the bid. Attacker can bid with tokene.g. USDC, USDT that have a contract level admin controlled...
Bad debt auctions can be DoSed forever
Lines of code Vulnerability details Vulnerability Details For function Shortfall::placeBid in shortfall contract on L183 and L190 , the previous highest bidder’s funds stored in the shortfall contract has to be sent back to the bidder. This operation has to be successful before any new bid can be...
Bad debt bidders’ funds are locked forever when Shortfall address is changed during ongoing debt auction
Lines of code Vulnerability details Vulnerability Details When the protocol accrues bad debt, it can be auctioned off to anyone who is willing to pay. Each user wanting to participate in the auction has to lock their bid in Shortfall contract: function placeBidaddress comptroller, uint256 bidBps...