Incorrect liquidity calculations if snapshot errors occur

[code423n4]

Lines of code

https://github.com/code-423n4/2023-07-moonwell/blob/fced18035107a345c31c9a9497d0da09105df4df/src/core/Comptroller.sol#L579-L580

Vulnerability details

Impact

incorrect liquidity values that undermine the risk checks and constraints of the protocol

Proof of Concept

getHypotheticalAccountLiquidityInternal does not handle snapshot errors properly. Specifically:

It calls MToken.getAccountSnapshot() to get the account's token balance, borrow balance, and exchange rate. If getAccountSnapshot returns a non-zero error code, it immediately returns SNAPSHOT_ERROR without checking/fixing the invalid state. This means if there is a snapshot error for any of the user's entered markets, the function will return invalid liquidity values rather than failing gracefully

Tools Used

Manual

Recommended Mitigation Steps

-Track which markets had snapshot errors -Exclude those markets from the liquidity calculation -Return a specialized error code indicating which markets had issues

Assessed type

Other

[0xSorryNotSorry]

The process is carried out inside the for loop, so the error will be bubbled up accordingly. Also the implementation remains in the intended behaviour due to the comment: we assume NO_ERROR == 0

Invalid assumption

[c4-pre-sort]

0xSorryNotSorry marked the issue as low quality report

[c4-judge]

alcueca marked the issue as unsatisfactory: Invalid