code-423n4 / 2023-07-tapioca-findings


Market in Singularity cannot disable using as a collateral (LTV=0) completely while being borrowable. #101

Open code423n4 opened 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/Tapioca-DAO/tapioca-bar-audit/blob/2286f80f928f41c8bc189d0657d74ba83286c668/contracts/markets/Market.sol#L233-L239

Vulnerability details

Impact

A market in Singularity cannot be completely disabled as collateral (LTV=0) by setting collateralizationRate to 0 while remaining borrowable.

A market in a lending protocol works by having a collateralFactor (<1) that gives a user's deposit value for borrowing. The deposit, while earning interest, is also the collateral for borrowing at the same time.

However, there are assets that are meant to work only as borrowable assets but are not eligible for collateralization. For example, USDT in Aave (ETH mainnet). Such an asset typically has an LTV (collateralFactor) of 0, so that it doesn't contribute to a user's borrowing ability.

However, in the design of Market.sol, collateralizationRate can only be set through setMarketConfig, which has a conditional check that the new _collateralizationRate is a non-zero value.

        if (_collateralizationRate > 0) {
            require(
                _collateralizationRate <= FEE_PRECISION,
                "Market: not valid"
            );

https://github.com/Tapioca-DAO/tapioca-bar-audit/blob/2286f80f928f41c8bc189d0657d74ba83286c668/contracts/markets/Market.sol#L233-L239

This is an issue because right now the protocol cannot onboard a "USDT-type" asset, one that is only borrowable but not intended to work as collateral.

While the operator can set the totalBorrowCap to 0 to sunset/stop new borrowing of a newly onboarded market, consider the case where there are some risk changes on an already onboarded market and the market has to be disabled as collateral: setting totalBorrowCap to 0 would not impact existing borrowers who have already utilised the asset as collateral to borrow.

Setting collateralizationRate to 0 is the only way for the protocol to completely disable the asset (new/existing) as collateral; however, right now the operator is unable to do so.

Proof of Concept

Tools Used

Recommended Mitigation Steps

Remove the 0 checks to enable a value of 0 to be set into collateralizationRate.

Assessed type

Invalid Validation
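Added example, not part of the original report and not Tapioca's code: a minimal Solidity sketch of the setter pattern the report describes, next to a variant that can store 0. The contract name, `setRateSentinel`, `setRateExplicit`, `maxBorrowValue`, the owner check, the `FEE_PRECISION` scale and the starting rate are all hypothetical, and the assignment inside the sentinel branch is an assumption because the excerpt in the report is cut off before it.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

/// Added illustration; not Tapioca's Market.sol. All names except
/// collateralizationRate and FEE_PRECISION are hypothetical.
contract RateConfigSketch {
    uint256 public constant FEE_PRECISION = 1e5; // assumed scale for this sketch
    uint256 public collateralizationRate = 75000; // constructed starting value
    address public immutable owner;

    constructor() {
        owner = msg.sender;
    }

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    /// Sentinel style: 0 is read as "leave unchanged", so 0 can never be stored.
    /// The assignment inside the branch is assumed (the report's excerpt ends
    /// before it).
    function setRateSentinel(uint256 _collateralizationRate) external onlyOwner {
        if (_collateralizationRate > 0) {
            require(_collateralizationRate <= FEE_PRECISION, "Market: not valid");
            collateralizationRate = _collateralizationRate;
        }
    }

    /// Explicit-flag style: the caller states whether to update, so 0 is a
    /// legal value and "skip this field" is still expressible.
    function setRateExplicit(bool _update, uint256 _collateralizationRate) external onlyOwner {
        if (_update) {
            require(_collateralizationRate <= FEE_PRECISION, "Market: not valid");
            collateralizationRate = _collateralizationRate;
        }
    }

    /// Borrowing power a deposit grants; with a rate of 0 the asset grants none,
    /// including for positions opened before the change.
    function maxBorrowValue(uint256 collateralValue) external view returns (uint256) {
        return (collateralValue * collateralizationRate) / FEE_PRECISION;
    }
}
```

Calling `setRateSentinel(0)` leaves the stored rate at its previous value, while `setRateExplicit(true, 0)` stores 0 and makes `maxBorrowValue` return 0 for every deposit.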

c4-pre-sort commented 1 year ago

minhquanym marked the issue as low quality report

minhquanym commented 1 year ago

Consider QA

c4-judge commented 1 year ago

dmvt changed the severity to QA (Quality Assurance)

c4-judge commented 1 year ago

dmvt marked the issue as grade-b

c4-judge commented 1 year ago

dmvt marked the issue as grade-a