code-423n4 / 2023-05-venus-findings


`Comptroller.sol#_getHypotheticalLiquiditySnapshot` did not calculate the interest of all vTokens #437

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-05-venus/blob/main/contracts/Comptroller.sol#L1307

Vulnerability details

Impact

The `_getHypotheticalLiquiditySnapshot` function is used to calculate the health of all of the user's vToken collateral. The problem here is that the `accrueInterest` function is not called to update the interest while the vTokens are being counted. As a result, the user's position appears healthier than it actually is.

Proof of Concept

  1. The user has borrowed a lot of vTokens and has reached the liquidation threshold.
  2. However, since the interest has not been updated, the user's account still appears healthy, and it is still possible to redeem and borrow.

Tools Used

manual

Recommended Mitigation Steps

```diff
    function _getHypotheticalLiquiditySnapshot(
        address account,
        VToken vTokenModify,
        uint256 redeemTokens,
        uint256 borrowAmount,
        function(VToken) internal view returns (Exp memory) weight
    ) internal view returns (AccountLiquiditySnapshot memory snapshot) {
        // For each asset the account is in
        VToken[] memory assets = accountAssets[account];
        uint256 assetsCount = assets.length;

        for (uint256 i; i < assetsCount; ++i) {
            VToken asset = assets[i];
+           asset.accrueInterest();
```

Assessed type

Other
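To make the gap concrete, here is an added toy market (constructed for this note, not Venus's or Compound's code; the contract, its rate model and `borrowBalanceProjected` are all assumptions) showing why a snapshot that reads stored balances lags the real debt, and a view-safe projection a liquidity check could read instead:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Constructed toy market (not Venus code): interest is folded into borrowIndex
// only when accrueInterest() runs, so a stored balance read between accruals
// is stale, which is the gap the liquidity snapshot above falls into.
contract ToyVToken {
    uint256 public constant BASE = 1e18;
    uint256 public immutable borrowRatePerBlock; // scaled by BASE, e.g. 1e14
    uint256 public borrowIndex = BASE;
    uint256 public accrualBlock;
    mapping(address => uint256) public principal;     // debt at last action
    mapping(address => uint256) public interestIndex; // borrowIndex at last action

    constructor(uint256 rate) {
        borrowRatePerBlock = rate;
        accrualBlock = block.number;
    }

    function borrow(uint256 amount) external {
        accrueInterest();
        principal[msg.sender] = borrowBalanceStored(msg.sender) + amount;
        interestIndex[msg.sender] = borrowIndex;
    }

    // Simple interest over the blocks since the last call (Compound-style).
    function accrueInterest() public {
        uint256 blocks = block.number - accrualBlock;
        if (blocks == 0) return;
        borrowIndex += (borrowIndex * borrowRatePerBlock * blocks) / BASE;
        accrualBlock = block.number;
    }

    // What a stored-balance snapshot reads: debt as of the last accrual.
    function borrowBalanceStored(address a) public view returns (uint256) {
        if (principal[a] == 0) return 0;
        return (principal[a] * borrowIndex) / interestIndex[a];
    }

    // View-safe projection to the current block: the same number
    // accrueInterest() would produce, without a state write.
    function borrowBalanceProjected(address a) external view returns (uint256) {
        if (principal[a] == 0) return 0;
        uint256 blocks = block.number - accrualBlock;
        uint256 idx = borrowIndex + (borrowIndex * borrowRatePerBlock * blocks) / BASE;
        return (principal[a] * idx) / interestIndex[a];
    }
}
```

Deploy, call `borrow`, mine a few blocks, then compare `borrowBalanceStored` with `borrowBalanceProjected`: the difference is exactly the interest a stale snapshot omits.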

c4-judge commented 1 year ago

0xean marked the issue as duplicate of #104

c4-judge commented 1 year ago

0xean changed the severity to 2 (Med Risk)

c4-judge commented 1 year ago

0xean marked the issue as satisfactory

c4-judge commented 1 year ago

0xean marked the issue as duplicate of #486