code-423n4 / 2024-01-opus-findings


By forcing the system to enter recovery mode, an attacker can profit from liquidating previously healthy troves #145

Closed c4-bot-3 closed 7 months ago

c4-bot-3 commented 8 months ago

Lines of code

https://github.com/code-423n4/2024-01-opus/blob/main/src/core/shrine.cairo#L1046

Vulnerability details

Impact

A whale can force the system to enter recovery mode simply by creating a trove with large deposits and minting a lot of yang.

In recovery mode, the threshold for all troves is scaled down. If there are some troves in the system with an already reasonably high LTV, entering recovery mode will make these troves' LTV cross their thresholds. The whale can now liquidate these troves and collect liquidation profits.

Proof of Concept

The PoC for this is in the existing shrine test test_recovery_mode_previously_healthy_trove_now_unhealthy. The user does not get the option to add to their position once the protocol enters the recovery mode, because both making the trove unhealthy and liquidating it can be done in a single transaction.

Tools Used

Manual review and Starknet foundry.

Recommended Mitigation Steps

Allow some grace period after triggering recovery mode.

Assessed type

Other
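The recommended grace period, sketched as a simplified Python model of the threshold check; this is an added example, not part of the original report and not the Opus Cairo code. The names `ShrineModel`, `Trove`, `RM_TRIGGER_FACTOR` and `RM_THRESHOLD_SCALE`, and all numeric values, are assumptions chosen for illustration.

```python
from dataclasses import dataclass

# Assumed parameters for this model; they are not taken from the Opus code base.
RM_TRIGGER_FACTOR = 0.70   # recovery mode starts at 70% of the system threshold
RM_THRESHOLD_SCALE = 0.80  # trove thresholds are multiplied by this in recovery mode


@dataclass
class Trove:
    collateral: float  # collateral value
    debt: float
    threshold: float   # liquidation threshold as an LTV ratio

    @property
    def ltv(self) -> float:
        return self.debt / self.collateral


class ShrineModel:
    def __init__(self, system_threshold: float, grace_period: int):
        self.system_threshold = system_threshold
        self.grace_period = grace_period  # seconds before scaled thresholds apply
        self.troves = []
        self.rm_since = None  # timestamp at which recovery mode was entered

    def in_recovery_mode(self) -> bool:
        debt = sum(t.debt for t in self.troves)
        value = sum(t.collateral for t in self.troves)
        return debt / value >= RM_TRIGGER_FACTOR * self.system_threshold

    def open_trove(self, trove: Trove, now: int) -> None:
        self.troves.append(trove)
        # Record the moment recovery mode begins; clear it when the system recovers.
        if not self.in_recovery_mode():
            self.rm_since = None
        elif self.rm_since is None:
            self.rm_since = now

    def effective_threshold(self, trove: Trove, now: int) -> float:
        # Scaled thresholds only apply once recovery mode has lasted the grace period.
        if self.rm_since is None or now - self.rm_since < self.grace_period:
            return trove.threshold
        return trove.threshold * RM_THRESHOLD_SCALE

    def is_liquidatable(self, trove: Trove, now: int) -> bool:
        return trove.ltv > self.effective_threshold(trove, now)
```

With `grace_period=0` a trove at 70% LTV and an 80% threshold becomes liquidatable at the same timestamp the system enters recovery mode; with a non-zero grace period its owner keeps the unscaled threshold until the period has elapsed.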

tserg commented 8 months ago

Duplicate of https://github.com/code-423n4/2024-01-opus-findings/issues/205

c4-pre-sort commented 7 months ago

bytes032 marked the issue as sufficient quality report

c4-pre-sort commented 7 months ago

bytes032 marked the issue as duplicate of #205

c4-judge commented 7 months ago

alex-ppg marked the issue as partial-75

alex-ppg commented 7 months ago

A penalty has been applied as the submission fails to identify the flash-loan-based exploitation path (using a whale would put assets at risk), and contains a very broad mitigation plan.

c4-judge commented 7 months ago

alex-ppg changed the severity to 3 (High Risk)