Closed code423n4 closed 1 year ago
The process is carried out inside the for loop, so the error will be bubbled up accordingly. Also the implementation remains in the intended behaviour due to the comment: we assume NO_ERROR == 0
Invalid assumption
0xSorryNotSorry marked the issue as low quality report
alcueca marked the issue as unsatisfactory: Invalid
Lines of code
https://github.com/code-423n4/2023-07-moonwell/blob/fced18035107a345c31c9a9497d0da09105df4df/src/core/Comptroller.sol#L579-L580
Vulnerability details
Impact
Incorrect liquidity values that undermine the risk checks and constraints of the protocol.
Proof of Concept
getHypotheticalAccountLiquidityInternal does not handle snapshot errors properly. Specifically:
It calls MToken.getAccountSnapshot() to get the account's token balance, borrow balance, and exchange rate. If getAccountSnapshot returns a non-zero error code, it immediately returns SNAPSHOT_ERROR without checking/fixing the invalid state. This means if there is a snapshot error for any of the user's entered markets, the function will return invalid liquidity values rather than failing gracefully.
Tools Used
Manual
Recommended Mitigation Steps
- Track which markets had snapshot errors
- Exclude those markets from the liquidity calculation
- Return a specialized error code indicating which markets had issues
Assessed type
Other
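Added example, not part of the report or the Moonwell code base: a simplified Python model that compares the early SNAPSHOT_ERROR return discussed in this issue with the "exclude those markets" mitigation, for an account whose failing market holds its debt. The numeric error value, the constructed account, and the `caller_permits` check are assumptions made for illustration.

```python
# Simplified model (assumption), not the Comptroller source.
NO_ERROR, SNAPSHOT_ERROR = 0, 1  # constructed values; the page only fixes NO_ERROR == 0

def _net(collateral, borrow):
    """Return (liquidity, shortfall); at most one of the two is non-zero."""
    if collateral >= borrow:
        return (collateral - borrow, 0)
    return (0, borrow - collateral)

def liquidity_fail_closed(markets):
    """Behaviour the report describes: the first snapshot error aborts the loop."""
    collateral = borrow = 0
    for snap_err, c, b in markets:
        if snap_err != NO_ERROR:
            return (SNAPSHOT_ERROR, 0, 0)  # zeros travel together with the error code
        collateral += c
        borrow += b
    return (NO_ERROR, *_net(collateral, borrow))

def liquidity_skip_failed(markets):
    """Mitigation as listed: exclude failing markets and keep calculating."""
    collateral = borrow = 0
    skipped = []
    for index, (snap_err, c, b) in enumerate(markets):
        if snap_err != NO_ERROR:
            skipped.append(index)  # tracked, but its debt is no longer counted
            continue
        collateral += c
        borrow += b
    return (NO_ERROR, *_net(collateral, borrow)), skipped

def caller_permits(result):
    """Hypothetical caller: reject on any error code or any shortfall."""
    err, _liquidity, shortfall = result
    return err == NO_ERROR and shortfall == 0

# Constructed account: (snapshot_err, collateral_value, borrow_value) per entered market.
# Market 0 reads fine; market 1 holds the debt and its snapshot fails.
ACCOUNT = [(NO_ERROR, 100, 0), (SNAPSHOT_ERROR, 0, 150)]

if __name__ == "__main__":
    print("fail closed :", liquidity_fail_closed(ACCOUNT))
    print("skip failed :", liquidity_skip_failed(ACCOUNT))
```

In this constructed case the early return leaves the caller with an error to reject on, while skipping the failing market reports 100 of liquidity for an account that is 50 short.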