Closed code423n4 closed 1 year ago
minhquanym marked the issue as primary issue
0xShaito marked the issue as disagree with severity
That is ok. If the user is not underwater they should not be liquidated.
Liquidators should use a protected rpc to avoid frontrunning anyways.
dmvt marked the issue as unsatisfactory: Invalid
Lines of code
https://github.com/code-423n4/2023-07-amphora/blob/main/core/solidity/contracts/core/VaultController.sol#L691
Vulnerability details
Impact
Borrower can avoid liquidation by frontrunning a liquidation to make the liquidateVault call in VaultController revert.
During a call to liquidateVault, at the end of it there is such check:
https://github.com/code-423n4/2023-07-amphora/blob/main/core/solidity/contracts/core/VaultController.sol#L691
If a liquidator intends to liquidate the maximal quantity, namely to the point where _getVaultBorrowingPower(_vault) == _vaultLiability(_id), but the vault owner frontruns the liquidator's transaction by repaying just 1 wei USDA, or just a smaller amount plus the updatedInterest, then the liquidator's intended _tokensToLiquidate would become invalid since it would break the last check.
Consider:
Example
_tokensToLiquidate as whatever the maxClose was at that point,
Proof of Concept
Tools Used
Recommended Mitigation Steps
Consider implementing a close factor so a liquidator is entitled to a certain liquidatable amount whenever the position is unhealthy at the beginning of execution.
Assessed type
Context
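The following model is an added example, not code from the report or from the Amphora contracts. It replays the report's scenario (a max-close amount quoted before a 1 wei repayment) against a final check that reverts when borrowing power exceeds liability, and shows that treating the liquidator's amount as an upper bound recomputed at execution time removes the dependence on the stale quote. The Vault class, its formulas, the direction of the check and all sample numbers are assumptions made for illustration.

```python
BPS = 10_000  # basis points

class OverLiquidation(Exception):
    """Stand-in for the revert from the final check in liquidateVault (assumed)."""

class Vault:
    # Toy single-collateral vault; all fields and formulas are assumptions.
    def __init__(self, collateral, price, ltv_bps, incentive_bps, liability):
        self.collateral, self.price = collateral, price  # token wei, USDA wei per token wei
        self.ltv_bps, self.incentive_bps = ltv_bps, incentive_bps
        self.liability = liability                        # USDA wei owed

    def gap_scaled(self, tokens=0):
        """(liability - borrowing power) * BPS after seizing `tokens`, exact integer math."""
        paid = tokens * self.price * (BPS - self.incentive_bps)
        power = (self.collateral - tokens) * self.price * self.ltv_bps
        return self.liability * BPS - paid - power

    def max_close(self):
        """Largest seizure that still leaves borrowing power <= liability."""
        per_token = self.price * (BPS - self.incentive_bps - self.ltv_bps)
        return max(self.gap_scaled(), 0) // per_token

    def liquidate(self, tokens, clamp=False):
        if clamp:  # treat the caller's amount as an upper bound, recomputed at execution
            tokens = min(tokens, self.max_close())
        if self.gap_scaled(tokens) < 0:  # borrowing power > liability after the seizure
            raise OverLiquidation(tokens)
        self.liability -= tokens * self.price * (BPS - self.incentive_bps) // BPS
        self.collateral -= tokens
        return tokens

def scenario(clamp):
    # Constructed sample: 100 tokens at price 2, 80% LTV, 5% incentive, 170 USDA owed.
    v = Vault(100 * 10**18, 2, 8_000, 500, 170 * 10**18)
    quoted = v.max_close()   # amount the liquidator computed before sending
    v.liability -= 1         # owner repays 1 wei of USDA first
    try:
        return quoted, v.liquidate(quoted, clamp)
    except OverLiquidation:
        return quoted, "reverted"

if __name__ == "__main__":
    print(scenario(clamp=False))  # stale quote fails the final check
    print(scenario(clamp=True))   # clamped amount passes it
```

In this model the 1 wei repayment lowers the maximum seizure by 3 token wei, which is enough to make the stale quote fail the final check while the vault is still underwater.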