search

code-423n4 / 2023-05-venus-findings

2 stars 1 forks source link

`Comptroller.sol#preLiquidateHook` may be front-run to avoid liquidation #443

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-05-venus/blob/main/contracts/Comptroller.sol#L469-L472

Vulnerability details

Impact

File: Comptroller.sol
 469         uint256 maxClose = mul_ScalarTruncate(Exp({ mantissa: closeFactorMantissa }), borrowBalance);
 470         if (repayAmount > maxClose) {
 471             revert TooMuchRepay();
 472         }

When repayAmount > maxClose, liquidation occurs revert. Attackers can use this mechanism to front-run liquidate a little wei to avoid liquidation.

Proof of Concept

  1. Alias liquidates Bob's position
  2. Bob front-run liquidate a little
  3. Alias's repayAmount > maxClose, then revert

Tools Used

manual

Recommended Mitigation Steps

It is recommended that if the liquidation quantity exceeds the upper limit, the liquidation quantity takes the upper limit value.

Assessed type

DoS

c4-judge commented 1 year ago

0xean marked the issue as duplicate of #255

c4-judge commented 1 year ago

0xean marked the issue as satisfactory