Open code423n4 opened 1 year ago
0xSorryNotSorry marked the issue as duplicate of #134
non issue
ElliotFriedman marked the issue as sponsor disputed
alcueca marked the issue as satisfactory
alcueca changed the severity to QA (Quality Assurance)
alcueca marked the issue as grade-a
Lines of code
https://github.com/code-423n4/2023-07-moonwell/blob/main/src/core/Comptroller.sol#L419
Vulnerability details
Impact
Liquidation could be DOSed by the borrower.
Proof of Concept
Due to the check in
Comptroller.liquidateBorrowAllowed
borrowers could cause DoS when liquidator attempts to liquidate all of the borrower's position. Since it's common for liquidators to liquidate all of the borrowers position for more gains. https://github.com/code-423n4/2023-07-moonwell/blob/main/src/core/Comptroller.sol#L419The borrower could frontrun this liquidation transaction and repay a little portion of the debt, paying as low as 1 wei will make the
borrowBalance
to be less than what it was when the liquidator sent the transaction to liquidate the position.Tools Used
Manual Review
Recommended Mitigation Steps
Recommendation
this function could be changed to: