Lines of code
https://github.com/bunkerfinance/bunker-protocol/blob/752126094691e7457d08fc62a6a5006df59bd2fe/contracts/Comptroller.sol#L782-L791
https://github.com/bunkerfinance/bunker-protocol/blob/752126094691e7457d08fc62a6a5006df59bd2fe/contracts/Comptroller.sol#L74-L78
Vulnerability details
Impact
The _setCloseFactor() is called by the protocol's admin to configure the close factor used when liquidating borrow positions. The closeFactorMinMantissa and closeFactorMaxMantissa state variables are listed in the contract but they are not used in closeFactorMaxMantissa() to enforce suitable min and max values. Therefore, a malicious value may be configured, causing the protocol to break.
Recommended Mitigation Steps
Consider utilising the closeFactorMinMantissa and closeFactorMaxMantissa state variables to ensure _setCloseFactor() is updated correctly.
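One way to apply the recommended mitigation, as an added sketch that is not the Bunker Comptroller's own code: the setter checks the new value against both bounds before writing it, and the constructor applies the same check. Only _setCloseFactor, closeFactorMinMantissa and closeFactorMaxMantissa come from the finding; the bound values, the admin model, the closeFactorMantissa storage name, the event, the custom errors and maxRepay() are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Added illustration: a simplified stand-in, not the project's contract.
contract CloseFactorBounds {
    // Names from the finding; the values are assumed placeholders (1e18 = 100%).
    uint256 internal constant closeFactorMinMantissa = 0.05e18; // 5%
    uint256 internal constant closeFactorMaxMantissa = 0.9e18;  // 90%

    address public admin;               // assumed access-control model
    uint256 public closeFactorMantissa; // assumed storage name, scaled by 1e18

    event NewCloseFactor(uint256 oldCloseFactorMantissa, uint256 newCloseFactorMantissa);

    error Unauthorized();
    error CloseFactorOutOfBounds(uint256 given, uint256 min, uint256 max);

    constructor(uint256 initialCloseFactorMantissa) {
        admin = msg.sender;
        // The initial value goes through the same check as later updates.
        _checkBounds(initialCloseFactorMantissa);
        closeFactorMantissa = initialCloseFactorMantissa;
    }

    // Admin setter: rejects out-of-range values before touching storage.
    function _setCloseFactor(uint256 newCloseFactorMantissa) external {
        if (msg.sender != admin) revert Unauthorized();
        _checkBounds(newCloseFactorMantissa);

        uint256 oldCloseFactorMantissa = closeFactorMantissa;
        closeFactorMantissa = newCloseFactorMantissa;
        emit NewCloseFactor(oldCloseFactorMantissa, newCloseFactorMantissa);
    }

    // Hypothetical helper: portion of a borrow one liquidation may repay.
    // With the bounds enforced this is never zero for a non-dust balance
    // and never exceeds the outstanding borrow.
    function maxRepay(uint256 borrowBalance) external view returns (uint256) {
        return (borrowBalance * closeFactorMantissa) / 1e18;
    }

    function _checkBounds(uint256 value) internal pure {
        if (value < closeFactorMinMantissa || value > closeFactorMaxMantissa) {
            revert CloseFactorOutOfBounds(value, closeFactorMinMantissa, closeFactorMaxMantissa);
        }
    }
}
```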