Open c4-bot-7 opened 8 months ago
hansfriese marked the issue as primary issue
fez-init marked the issue as disagree with severity
This should be QA.
fez-init (sponsor) acknowledged
Downgrade to QA due to the low impact.
hansfriese changed the severity to QA (Quality Assurance)
hansfriese marked the issue as grade-a
Lines of code
https://github.com/code-423n4/2023-12-initcapital/blob/main/contracts/core/InitCore.sol#L538 https://github.com/code-423n4/2023-12-initcapital/blob/main/contracts/core/InitCore.sol#L306 https://github.com/code-423n4/2023-12-initcapital/blob/main/contracts/core/InitCore.sol#L348
Vulnerability details
Impact
User may avoid liquidations by doing smaller ones with less shares, frontrunning bigger ones. It may also happen as a natural flow, being costly for the liquidators as the revert of the transaction happens at the end of the call.
Proof of Concept
liquidate()
reverts if the shares out are less than the min shares amount. However, it also limits the shares to liquidate to the debt shares of the user. However, it does not limit the min shares out argument, which means that this argument could make no sense compared to the shares repayed.Thus, users can liquidate a smaller amount, frontrunning other liquidations and keeping most of the funds. If it happens naturally, the frontrunned liquidators incur gas costs due to the revert happening later in the call.
Here is a POC, place in
TestInitCore
: