Closed c4-bot-5 closed 5 months ago
The submission does not provide any demonstration of the issue, reasoning and code blocks.
0xSorryNotSorry marked the issue as insufficient quality report
Trumpero marked the issue as unsatisfactory: Insufficient quality
Lines of code
https://github.com/code-423n4/2023-12-ethereumcreditguild/blob/2376d9af792584e3d15ec9c32578daa33bb56b43/src/loan/AuctionHouse.sol#L166-L196
Vulnerability details
I have a relatively unique attack idea. Taking the USDC market created in the GIP_0 contract as an example, in the first launched term, the hardCap of gUSDC is 2 million:
Assume that a malicious team uses approximately $2 million in real costs as collateral (ERC20_SDAI) and uses multiple witch accounts to mint all 2 million gUSDC.
In the PSM contract, assume that other users provide 1 million USDC as peg tokens.
A malicious team calls the redeem function in the PSM contract, burns one million gUSDC, and gets one million USDC.
The malicious team still has 1 million gUSDC left, and they deliberately turn all their gUSDC into bad debts. At this time, their ERC20_SDAI collateral will be auctioned off.
Since malicious teams hold the most gUSDC, they are in the most advantageous position during the auction process and can buy back all ERC20_SDAI collateral at a low price in the form of an auction.
So far, the malicious team has earned a total of 1 million USDC!
Additional Context:
Auction mechanism: at first, offer 0% collateral, ask 100% debt. Then, over time, offer a larger % of the collateral and still 100% debt. At 'midpoint', 100% collateral is offered asking for 100% debt, and if nobody has bid, bad debt will be realized. In the second phase, 100% collateral is offered and less and less debt is asked. When we reach the end of the auction (100% collateral offered, 0% debt asked), nobody can bid in the auction anymore, and the loans can be automatically forgiven (marking it as a 100% loss). The first to bid wins the auction, making it a race to arbitrage (onchain MEV or otherwise).
Assessed type
Other