Depositors might not be able to withdraw from StabilityPool if any collateral's price drops significantly

Lines of code Vulnerability details In the TroveManager contract, the closeTrove function contains a check to ensure there is more than one trove, as shown below. TroveManager.solL1278-L1282: function closeTroveaddress borrower, address collateral, Status closedStatus internal assertclosedStatus ...

Index of removed Trove is not updated

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. In the function removeTroveOwner in the TroveManager contract the Trovesborrowercollateral.arrayIndex is still equal to its previous index even though it has been removed from TroveOwners and therefore...

Redemption fee increase can be thwarted

Lines of code Vulnerability details Impact The mechanism to increase the baseRate during redemptions is moot, up to gas fees. Therefore an arbitrageur can redeem more than what is healthy for the supply of LUSD. This weakens the price floor at $1, and may cause needless volatility. It further...

Incorrect TCR calculation in batchLiquidateTroves() during Recovery Mode

TCR is temporarily miscalculated in the batchLiquidateTroves function during Recovery Mode. The bug lies in batchLiquidateTroves of TroveManager. When calculating system's entire collateral, we should also exclude the liquidated trove's surplus collateral, since liquidation closes the trove and...