lucas-manuel
commented
3 years ago We will be upgrading liquidations post-launch.
Open code423n4 opened 3 years ago
lucas-manuel
commented
3 years ago We will be upgrading liquidations post-launch.
Handle
janbro
Vulnerability details
Summary
Collateral can be held hostage by borrower by manipulating Uniswap rates outside of the slippage range with a sandwich attack on triggerDefault().
Risk Rating
Low
Vulnerability Details
Borrowers can launch a front running/sandwich attack on triggerDefault() which manipulates the price on Uniswap outside the maxSwapSlippage range causing the function to revert and the collateral to stay in the collateralLocker. There is no way to transfer the collateral out of the collateralLocker after a loan default without going through a Uniswap trade, so a borrower can lock funds indefinitely for a fraction of the locked collateral (cost of Uniswap fees) and potentially hold their collateral hostage.
Impact
Collateral cannot be withdrawn from the collateralLocker.
Proof of Concept
See https://cmichel.io/de-fi-sandwich-attacks/
Tools Used
Manual code review
Recommended Mitigation Steps
Use more than one source of liquidity for liquidations.