code-423n4 / 2022-05-bunker-findings


`Comptroller.sol` Does Not Enforce `closeFactorMinMantissa` And `closeFactorMaxMantissa` In `_setCloseFactor()` #127

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Lines of code

https://github.com/bunkerfinance/bunker-protocol/blob/752126094691e7457d08fc62a6a5006df59bd2fe/contracts/Comptroller.sol#L782-L791
https://github.com/bunkerfinance/bunker-protocol/blob/752126094691e7457d08fc62a6a5006df59bd2fe/contracts/Comptroller.sol#L74-L78

Vulnerability details

Impact

The `_setCloseFactor()` function is called by the protocol's admin to configure the close factor used when liquidating borrow positions. The `closeFactorMinMantissa` and `closeFactorMaxMantissa` state variables are listed in the contract, but they are not used in `closeFactorMaxMantissa()` to enforce suitable min and max values. Therefore, a malicious value may be configured, causing the protocol to break.

Recommended Mitigation Steps

Consider utilising the `closeFactorMinMantissa` and `closeFactorMaxMantissa` state variables to ensure `_setCloseFactor()` is updated correctly.
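The bounds check the recommendation asks for, as an added illustration rather than code from the bunker-protocol repository: a minimal standalone contract that shows the unchecked setter shape the finding describes beside a setter that enforces the two declared bounds. The constant values, the `admin` field and the `NewCloseFactor` event are assumptions for this example, not taken from the finding.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration; not the bunker-protocol Comptroller. The constant values,
// the admin field and the event below are assumptions for this example.
contract CloseFactorAdmin {
    // Bounds on the close factor as 18-decimal mantissas (assumed values: 5% .. 90%).
    uint internal constant closeFactorMinMantissa = 0.05e18;
    uint internal constant closeFactorMaxMantissa = 0.9e18;

    address public admin;
    uint public closeFactorMantissa;

    event NewCloseFactor(uint oldCloseFactorMantissa, uint newCloseFactorMantissa);

    constructor() {
        admin = msg.sender;
    }

    // Shape described by the finding: only the caller is checked, so a value of 0
    // or one above 1e18 is stored without complaint even though the bounds exist.
    function _setCloseFactorUnchecked(uint newCloseFactorMantissa) external {
        require(msg.sender == admin, "only admin can set close factor");
        uint oldCloseFactorMantissa = closeFactorMantissa;
        closeFactorMantissa = newCloseFactorMantissa;
        emit NewCloseFactor(oldCloseFactorMantissa, newCloseFactorMantissa);
    }

    // Hardened setter: the bounds the contract already declares are enforced, so a
    // misconfigured value reverts instead of being stored.
    function _setCloseFactor(uint newCloseFactorMantissa) external {
        require(msg.sender == admin, "only admin can set close factor");
        require(newCloseFactorMantissa >= closeFactorMinMantissa, "close factor below minimum");
        require(newCloseFactorMantissa <= closeFactorMaxMantissa, "close factor above maximum");
        uint oldCloseFactorMantissa = closeFactorMantissa;
        closeFactorMantissa = newCloseFactorMantissa;
        emit NewCloseFactor(oldCloseFactorMantissa, newCloseFactorMantissa);
    }
}
```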

bunkerfinance-dev commented 2 years ago

Duplicate of #76

gzeoneth commented 2 years ago

Funds not at risk and requires admin misconfiguration, downgrading to Low / QA.

gzeoneth commented 2 years ago

Consider with warden's QA report #111