KryptoniteDAO / krp-cdp-contracts

Kryptonite stable coin kUSD relevant contracts

Liquidated loans without an adequate repayment #5

Closed smithmonnnnnnn closed 1 year ago

smithmonnnnnnn commented 1 year ago

Description: "In liquidate_collateral function from custody contract, there is no validation that info.sender is central_control contract. As a consequence, the coins to be used as repayment will only be transferred to stable_pool contract, without further logic to be executed. Later, an attacker could force the repayment of those coins to an arbitrary account, as shown in the following example:

  1. Attacker calls liquidate_collateral function in custody contract.
  2. An amount of stable coins is transferred from liquidation_queue contract to stable_pool contract.
  3. Attacker forces the repayment of coins to himself as described in vulnerability Arbitrary repayment of coins from liquidations (see below)."

Code Location: krp-cdp-contracts/contracts/custody/src/contract.rs#L385
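The missing check the issue describes is a sender-authorization check on an execute entry point. The following is an added illustration, not code from krp-cdp-contracts: it places the unchecked shape next to the hardened one. The real custody contract is a CosmWasm contract built on cosmwasm_std; here `Addr`, `MessageInfo`, `Config` and `ContractError` are minimal stand-ins (field names `central_control` and `stable_pool` are assumed), and a toy `Ledger` stands in for the bank transfer, so the example compiles with plain rustc and no external crates.

```rust
use std::collections::HashMap;

/// Stand-in for cosmwasm_std::Addr (assumption: the real contract uses cosmwasm_std).
#[derive(Clone, Debug, PartialEq, Eq, Hash)]
pub struct Addr(String);

impl Addr {
    pub fn unchecked(s: &str) -> Addr {
        Addr(s.to_string())
    }
}

/// Stand-in for cosmwasm_std::MessageInfo: who sent the execute message.
#[derive(Clone, Debug)]
pub struct MessageInfo {
    pub sender: Addr,
}

/// Custody contract config: the addresses it trusts (hypothetical field names).
#[derive(Clone, Debug)]
pub struct Config {
    pub central_control: Addr,
    pub stable_pool: Addr,
}

#[derive(Debug, PartialEq, Eq)]
pub enum ContractError {
    Unauthorized,
}

/// Toy balance sheet standing in for the effect of a bank send.
#[derive(Default)]
pub struct Ledger {
    balances: HashMap<Addr, u128>,
}

impl Ledger {
    pub fn balance(&self, who: &Addr) -> u128 {
        *self.balances.get(who).unwrap_or(&0)
    }
    fn credit(&mut self, who: &Addr, amount: u128) {
        *self.balances.entry(who.clone()).or_insert(0) += amount;
    }
}

/// The shape the issue describes: no authorization check, so any sender can
/// push repayment coins into stable_pool without the follow-up logic that
/// central_control would normally drive.
pub fn liquidate_collateral_unchecked(
    cfg: &Config,
    ledger: &mut Ledger,
    _info: &MessageInfo,
    repay_amount: u128,
) -> Result<(), ContractError> {
    ledger.credit(&cfg.stable_pool, repay_amount);
    Ok(())
}

/// The corrected shape: reject every sender except central_control before
/// touching any state.
pub fn liquidate_collateral_checked(
    cfg: &Config,
    ledger: &mut Ledger,
    info: &MessageInfo,
    repay_amount: u128,
) -> Result<(), ContractError> {
    if info.sender != cfg.central_control {
        return Err(ContractError::Unauthorized);
    }
    ledger.credit(&cfg.stable_pool, repay_amount);
    Ok(())
}

/// Constructed scenario: an arbitrary address and central_control each call the
/// two versions. Returns (unchecked result for the arbitrary caller, checked
/// result for the arbitrary caller, checked result for central_control, and the
/// stable_pool balance after the checked calls).
pub fn demo() -> (Result<(), ContractError>, Result<(), ContractError>, Result<(), ContractError>, u128) {
    let cfg = Config {
        central_control: Addr::unchecked("central_control_contract"),
        stable_pool: Addr::unchecked("stable_pool_contract"),
    };
    let outsider = MessageInfo { sender: Addr::unchecked("some_other_address") };
    let control = MessageInfo { sender: cfg.central_control.clone() };

    let mut vulnerable = Ledger::default();
    let r_unchecked = liquidate_collateral_unchecked(&cfg, &mut vulnerable, &outsider, 1_000);

    let mut hardened = Ledger::default();
    let r_outsider = liquidate_collateral_checked(&cfg, &mut hardened, &outsider, 1_000);
    let r_control = liquidate_collateral_checked(&cfg, &mut hardened, &control, 1_000);

    (r_unchecked, r_outsider, r_control, hardened.balance(&cfg.stable_pool))
}

fn main() {
    let (a, b, c, pool) = demo();
    println!("unchecked, outsider: {:?}", a);
    println!("checked, outsider:   {:?}", b);
    println!("checked, control:    {:?}", c);
    println!("stable_pool balance after checked calls: {}", pool);
}
```

The point of the hardened version is that the comparison against the stored `central_control` address happens before any state change or bank message is emitted, so a call from any other address leaves stable_pool untouched and the liquidation flow can only be entered through the contract that carries out the rest of the accounting.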