Open c4-submissions opened 10 months ago
minhquanym marked the issue as primary issue
minhquanym marked the issue as sufficient quality report
If the market is closed, all debt is returned to the market and the borrower is no longer able to access borrow. Doesn't actually matter what the reserve ratio is at that point.
Willing to acknowledge as a QA.
laurenceday marked the issue as disagree with severity
laurenceday (sponsor) acknowledged
MarioPoneder changed the severity to QA (Quality Assurance)
MarioPoneder marked the issue as grade-b
Lines of code
https://github.com/code-423n4/2023-10-wildcat/blob/c5df665f0bc2ca5df6f06938d66494b11e7bdada/src/WildcatMarketController.sol#L490
https://github.com/code-423n4/2023-10-wildcat/blob/c5df665f0bc2ca5df6f06938d66494b11e7bdada/src/market/WildcatMarket.sol#L142
Vulnerability details
Impact
Once the market is closed, reserveRatioBips is set to zero.
The problem is that there could be a temporaryExcessReserveRatio[market] in progress, returning state.reserveRatioBips to a non-zero value and causing liquidityRequired() to be positive because there is a non-zero reserve ratio. This behaviour means that the borrower can be in delinquency even when the market is closed.
Proof of Concept
Please consider the next scenario:
tmp.reserveRatioBips is 100.
Tools used
Manual review
Recommended Mitigation Steps
Add a restriction to the resetReserveRatio() function so that it cannot be called when the market is closed.
Assessed type
Access Control
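An added example, not part of the original report and not Wildcat's code: a simplified Python model of the sequence described under Impact, run once without and once with the recommended guard. The class names, the `liquidity_required` formula and the supply figures are assumptions; only the zeroing on close, the pending temporaryExcessReserveRatio entry and the value 100 come from the report.

```python
from dataclasses import dataclass, field
from typing import Dict

BIPS = 10_000


class MarketClosed(Exception):
    """Raised by the guarded reset when the market is already closed."""


@dataclass
class Market:
    reserve_ratio_bips: int
    total_supply: int  # constructed figure: lender balances still outstanding
    is_closed: bool = False

    def close(self) -> None:
        # Per the report: closing the market zeroes reserveRatioBips.
        self.reserve_ratio_bips = 0
        self.is_closed = True

    def liquidity_required(self) -> int:
        # Assumed simplification: the reserve ratio applied to outstanding supply.
        return self.total_supply * self.reserve_ratio_bips // BIPS


@dataclass
class Controller:
    # market name -> ratio to restore (models temporaryExcessReserveRatio[market])
    temporary_excess_reserve_ratio: Dict[str, int] = field(default_factory=dict)

    def reset_reserve_ratio(self, name: str, market: Market, guarded: bool) -> None:
        if guarded and market.is_closed:
            raise MarketClosed(name)  # the recommended restriction
        # Restores the saved ratio; without the guard this also runs after close.
        market.reserve_ratio_bips = self.temporary_excess_reserve_ratio.pop(name)


def run_scenario(guarded: bool) -> int:
    """Close a market with a pending temporary ratio, then attempt a reset."""
    market = Market(reserve_ratio_bips=9_000, total_supply=1_000_000)  # constructed
    controller = Controller({"m": 100})  # tmp.reserveRatioBips is 100, as in the report
    market.close()
    try:
        controller.reset_reserve_ratio("m", market, guarded)
    except MarketClosed:
        pass  # guarded path: the ratio stays at zero
    return market.liquidity_required()


if __name__ == "__main__":
    print("unguarded:", run_scenario(False))
    print("guarded:  ", run_scenario(True))
```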