code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-07-moonwell/blob/main/src/core/Comptroller.sol#L419

Vulnerability details

Impact

Liquidation could be DOSed by the borrower.

Proof of Concept

Due to the check in Comptroller.liquidateBorrowAllowed borrowers could cause DoS when liquidator attempts to liquidate all of the borrower's position. Since it's common for liquidators to liquidate all of the borrowers position for more gains. https://github.com/code-423n4/2023-07-moonwell/blob/main/src/core/Comptroller.sol#L419

function liquidateBorrowAllowed(
        address mTokenBorrowed,
        address mTokenCollateral,
        address liquidator,
        address borrower,
        uint repayAmount) override external view returns (uint) {

        ...SNIP

    if (repayAmount > maxClose) {//@audit should be refactored
            return uint(Error.TOO_MUCH_REPAY);
        }

        return uint(Error.NO_ERROR);
    }

The borrower could frontrun this liquidation transaction and repay a little portion of the debt, paying as low as 1 wei will make the borrowBalance to be less than what it was when the liquidator sent the transaction to liquidate the position.

Tools Used

Manual Review

Recommended Mitigation Steps

Recommendation

this function could be changed to:


function liquidateBorrowAllowed(
        address mTokenBorrowed,
        address mTokenCollateral,
        address liquidator,
        address borrower,
        uint repayAmount) override external view returns (uint) {

        ...SNIP

-   if (repayAmount > maxClose) {//@audit should be refactored
-           return uint(Error.TOO_MUCH_REPAY);
-       }

+        return repayAmount > maxClose ? maxClose : repayAmount;
    }

## Assessed type

DoS