The IsolatedMarginTrading contract does not define a default liquidationThresholdPercent which means it is set to 0.
The belowMaintenanceThreshold function uses this value and anyone could be liquidated due to 100 * holdings >= liquidationThresholdPercent * loan = 0 being always true.
Impact
Anyone can be liquidated immediately.
If the faulty belowMaintenanceThreshold function is fixed (see other issue), then nobody could be liquidated which is bad as well.
Recommended mitigation steps
Set a default liquidation threshold like in CrossMarginTrading contracts.
Email address
mail@cmichel.io
Handle
@cmichelio
Eth address
0x6823636c2462cfdcD8d33fE53fBCD0EdbE2752ad
Vulnerability details
The
IsolatedMarginTradingcontract does not define a defaultliquidationThresholdPercentwhich means it is set to 0.The
belowMaintenanceThresholdfunction uses this value and anyone could be liquidated due to100 * holdings >= liquidationThresholdPercent * loan = 0being always true.Impact
Anyone can be liquidated immediately. If the faulty
belowMaintenanceThresholdfunction is fixed (see other issue), then nobody could be liquidated which is bad as well.Recommended mitigation steps
Set a default liquidation threshold like in
CrossMarginTradingcontracts.