Closed code423n4 closed 1 year ago
0xSorryNotSorry marked the issue as primary issue
known issue, please read known issues as this is excluded from the contest
ElliotFriedman marked the issue as sponsor disputed
alcueca marked the issue as unsatisfactory: Invalid
Lines of code
https://github.com/code-423n4/2023-07-moonwell/blob/fced18035107a345c31c9a9497d0da09105df4df/src/core/Comptroller.sol#L394-L424
Vulnerability details
Impact
A borrower's mTokens that have not joined the market can still be liquidated as collateral.
Proof of Concept
If a user wants to use an mToken as collateral, the user needs to enter the market with the enterMarket() function.
Those who have joined the market can exit with the exitMarket() function.
So if it is not in the market, it should not be used as collateral, and this agreement should also apply to liquidation. But the current liquidation method does not determine whether mTokenCollateral is in the market or not. The liquidator can seize an mToken that has not entered a market.
The liquidation functions only determine whether the mToken is a legitimate market, and do not determine whether the borrower has added it to the market (markets[address(mToken)].accountMembership[borrower] == true).
So there should be a restriction that the liquidator needs to choose one of the collaterals that this borrower has entered into the market, not one that has not joined the market.
Tools Used
Manual Review
Recommended Mitigation Steps
The liquidateBorrowAllowed() function needs to check that accountMembership is true for the mToken.
Assessed type
Context
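The membership check recommended in the report above, shown on a simplified model. This is an added example, not part of the original report and not Moonwell's Comptroller code. The contract name, the two helper functions and the custom errors are assumptions, and the shortfall and close-factor checks of a Compound-style comptroller are omitted.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

/// Simplified model for illustration only; not Moonwell's Comptroller.
contract MembershipCheckModel {
    struct Market {
        bool isListed;
        mapping(address => bool) accountMembership;
    }

    mapping(address => Market) internal markets;

    error MarketNotListed(address mToken);
    error CollateralNotEntered(address mToken, address borrower);

    // Hypothetical helpers so the model can be exercised in a test.
    function listMarket(address mToken) external {
        markets[mToken].isListed = true;
    }

    function enter(address mToken) external {
        if (!markets[mToken].isListed) revert MarketNotListed(mToken);
        markets[mToken].accountMembership[msg.sender] = true;
    }

    /// Behaviour the report describes: only the listing flags are checked,
    /// so the borrower's membership in the collateral market is ignored.
    function liquidateAllowedListedOnly(
        address mTokenBorrowed,
        address mTokenCollateral,
        address /* borrower */
    ) external view returns (bool) {
        return markets[mTokenBorrowed].isListed && markets[mTokenCollateral].isListed;
    }

    /// Variant with the check the report recommends: the borrower must
    /// have entered the collateral market before it can be seized.
    function liquidateAllowedWithMembership(
        address mTokenBorrowed,
        address mTokenCollateral,
        address borrower
    ) external view returns (bool) {
        if (!markets[mTokenBorrowed].isListed) revert MarketNotListed(mTokenBorrowed);
        if (!markets[mTokenCollateral].isListed) revert MarketNotListed(mTokenCollateral);
        if (!markets[mTokenCollateral].accountMembership[borrower])
            revert CollateralNotEntered(mTokenCollateral, borrower);
        return true;
    }
}
```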