c4-judge
commented
1 year ago Picodes marked the issue as satisfactory
Open code423n4 opened 1 year ago
c4-judge
commented
1 year ago Picodes marked the issue as satisfactory
Lines of code
Vulnerability details
Issue mitigated
About the problem
Before current update, Vault had exchange rate that was stored as separate variable.
Vault.liquidatefunction has_amountOutparam, which was used such as exchange rate is always 1. The same value was used as asset amount and as shares amount without any conversion. Because of thatliquidatefunction worked not as expected.Solution
Now, Vault doesn't have any exchange rate in case if it's collateralized.
Vault.liquidatefunction can be called only when vault is collateralized, which means that in such case exchange rate is 1:1. Because of that, it's now correct to use_amountOutfunction same for assets and for shares. As result, issue has gone.