Small positions are allowed in the system that are not profitable for liquidators

[c4-bot-2]

Lines of code

https://github.com/code-423n4/2023-12-initcapital/blob/main/contracts/core/InitCore.sol#L124

Vulnerability details

Proof of Concept

When someone borrows, then he can borrow any assets amount that he would like. In the end function will check that position is healthy, which means that user has enough collateral amount to cover borrowed amount.

The problem is that this function doesn't restrict minimum amount that user can borrow. So in case if such a small position will be open, that liquidator's profit on liquidation will be negative(gas costs is bigger), then liquidators will not liquidate such position and there is a risk that soon it will accrue bad debt for the pool. The more such small positions pool has, the more bad debt occurs, which means that suppliers lose funds.

Impact

Because of small positions bad debt can occur, that is distributed among suppliers.

Recommended Mitigation Steps

Each pool should have minPosition param, so it's not possible to have smaller position. Also make sure, that liquidating and repaying also can't make position to be smaller than minimum amount.

Assessed type

Error

[c4-judge]

hansfriese marked the issue as primary issue

[c4-judge]

hansfriese marked the issue as duplicate of #40

[c4-sponsor]

fez-init (sponsor) disputed

[fez-init]

This is the design choice we made.

[c4-judge]

hansfriese marked the issue as unsatisfactory: Invalid