Lines of code
https://github.com/GenerationSoftware/pt-v5-cgda-liquidator/blob/7f95bcacd4a566c2becb98d55c1886cadbaa8897/src/LiquidationPair.sol#L224
Vulnerability details
Impact
A malicious actor can gain control of the liquidation process and use it to manipulate the POOL token price.
Proof of Concept
Almost all the pieces of the protocol are open to everyone with no guard, and that can cause a serious problem.
Consider the following scenario that an attacker can carry out:
1- Create a fake token and mint a large enough amount of it.
2- Deploy a vault for that token.
3- Buy some POOL tokens.
4- Deploy a liquidationPair using liquidationPairFactory (so that it is registered).
5- Deploy a swap source with both tokens. With the liquidate function I mentioned above, he gains control of the flow and can take malicious actions to gain more prize.
Tools Used
Manual review
Recommended Mitigation Steps
Add stricter validations and limit the tokens that are allowed to be used in vaults.
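One way the recommended restriction could look, as an added sketch that is not code from the PoolTogether V5 repositories: a registry that accepts a liquidation pair only from a known factory and only for a vault whose asset is on an allowlist. Every contract, function and error name below is hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added illustration: all names are hypothetical, not PoolTogether V5 identifiers.
interface IVaultLike {
    function asset() external view returns (address); // ERC-4626 style accessor
}

contract GatedPairRegistry {
    address public immutable owner;
    address public immutable factory;               // only this factory may register pairs
    mapping(address => bool) public allowedAsset;   // tokens approved as vault assets
    mapping(address => bool) public trustedVault;   // vaults reviewed and approved
    mapping(address => bool) public registeredPair; // pairs that passed registerPair

    event PairRegistered(address indexed pair, address indexed vault);

    error NotOwner();
    error NotFactory();
    error AssetNotAllowed(address asset);
    error VaultNotTrusted(address vault);

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    constructor(address factory_) {
        owner = msg.sender;
        factory = factory_;
    }

    function setAllowedAsset(address asset, bool allowed) external onlyOwner {
        allowedAsset[asset] = allowed;
    }

    // A vault is trusted only if its asset is already allowlisted. asset() is
    // self-reported, so the owner must also review the vault code itself.
    function trustVault(IVaultLike vault) external onlyOwner {
        address asset = vault.asset();
        if (!allowedAsset[asset]) revert AssetNotAllowed(asset);
        trustedVault[address(vault)] = true;
    }

    // Replaces open registration: a pair for an unapproved vault is rejected.
    function registerPair(address pair, address vault) external {
        if (msg.sender != factory) revert NotFactory();
        if (!trustedVault[vault]) revert VaultNotTrusted(vault);
        registeredPair[pair] = true;
        emit PairRegistered(pair, vault);
    }
}
```

With a gate like this, steps 2 and 4 of the scenario stop at `trustVault` and `registerPair`: a vault for a freshly minted fake token never reaches the trusted set, so no pair for it can be registered.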
Assessed type
Context