c4-bot-3 closed 7 months ago
bytes032 marked the issue as sufficient quality report
bytes032 marked the issue as duplicate of #205
alex-ppg marked the issue as partial-75
A penalty has been applied as the submission fails to identify the flash-loan-based exploitation path (using a whale would put assets at risk), and contains a very broad mitigation plan.
alex-ppg changed the severity to 3 (High Risk)
Lines of code
https://github.com/code-423n4/2024-01-opus/blob/main/src/core/shrine.cairo#L1046
Vulnerability details
Impact
A whale can force the system to enter recovery mode simply by creating a trove with large deposits and minting a lot of yang.
In the recovery mode, the threshold for all troves is scaled down. If there are some troves in the system with already reasonably high LTV, entering the recovery mode will make these troves' LTV cross their thresholds. The whale can now liquidate these troves and collect liquidation profits.
Proof of Concept
The PoC for this is in the existing shrine test test_recovery_mode_previously_healthy_trove_now_unhealthy. The user does not get the option to add to their position once the protocol enters the recovery mode, because both making the trove unhealthy and liquidating it can be done in a single transaction.
Tools Used
Manual review and Starknet foundry.
Recommended Mitigation Steps
Allow some grace period after triggering recovery mode.
Assessed type
Other
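The following toy model is an added example, not code from the report or from the Opus repository. It shows how a system-wide threshold scale-down makes a previously healthy trove liquidatable at the moment recovery mode starts, and how the recommended grace period defers that. The `RM_TRIGGER` and `RM_SCALE` constants, the constant-factor scaling, the class and function names, and all trove figures are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from fractions import Fraction as F
# Constructed parameters for this toy model, NOT Opus's real constants or formula.
RM_TRIGGER = F(70, 100)  # system LTV at which recovery mode starts
RM_SCALE = F(80, 100)    # factor applied to trove thresholds in recovery mode

@dataclass
class Trove:
    value: int    # collateral value
    debt: int
    threshold: F  # base liquidation threshold

class Shrine:
    def __init__(self, grace_period):
        self.troves, self.grace_period = {}, grace_period
        self.rm_since = None  # timestamp at which recovery mode was entered

    def open_trove(self, name, trove, now):
        self.troves[name] = trove
        debt = sum(t.debt for t in self.troves.values())
        value = sum(t.value for t in self.troves.values())
        if F(debt, value) < RM_TRIGGER:
            self.rm_since = None
        elif self.rm_since is None:
            self.rm_since = now

    def effective_threshold(self, name, now):
        base = self.troves[name].threshold
        # Mitigation: the scaled threshold applies only after the grace period.
        in_force = self.rm_since is not None and now - self.rm_since >= self.grace_period
        return base * RM_SCALE if in_force else base

    def is_liquidatable(self, name, now):
        t = self.troves[name]
        return F(t.debt, t.value) > self.effective_threshold(name, now)

def scenario(grace_period):
    s = Shrine(grace_period)
    s.open_trove("others", Trove(9000, 3000, F(80, 100)), now=0)
    s.open_trove("user", Trove(1000, 700, F(80, 100)), now=0)  # LTV 70% < 80%
    before = s.is_liquidatable("user", now=50)
    # One large, individually healthy trove (LTV 78%) lifts system LTV to ~74%.
    s.open_trove("large", Trove(100000, 78000, F(80, 100)), now=100)
    same_tx = s.is_liquidatable("user", now=100)
    after_grace = s.is_liquidatable("user", now=100 + 3600)
    return before, same_tx, after_grace

if __name__ == "__main__":
    for grace in (0, 3600):
        print(grace, scenario(grace))
```

With no grace period the user's trove is liquidatable at the same timestamp recovery mode begins; with a one-hour grace period the scaled threshold only takes effect afterwards, leaving the owner time to reduce LTV.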