Closed c4-submissions closed 9 months ago
Lack of proof for impact
bytes032 marked the issue as insufficient quality report
GalloDaSballo (sponsor) disputed
We have shown the broken invariant when all CDPs are below MCR, this doesn't show any issue with the system, just a failure scenario
jhsagd76 marked the issue as unsatisfactory: Invalid
Lines of code
https://github.com/code-423n4/2023-10-badger/blob/f2f2e2cf9965a1020661d179af46cb49e993cb7e/packages/contracts/contracts/LiquidationLibrary.sol#L153-L156
Vulnerability details
Impact
I came across the following in the main invariants:
L-12: TCR must increase after liquidation with no redistributions
But in some cases, the TCR may fall below the original TCR when partially liquidating.
Proof of Concept
Let's consider a scenario where there is a CDP with an ICR below the LICR of 103%. A user attempts to partially liquidate this CDP. In this case, the ICR falls below the original ICR, resulting in a decrease in the TCR as well.
Tools Used
Recommended Mitigation Steps
Add below check to _liquidateIndividualCdpSetupCDP function:
After adding this, we observe that some tests will fail. This indicates that we are allowing the TCR to fall below the original TCR after partial liquidation at this point, violating the main invariants.
Assessed type
Error