Lines of code
https://github.com/code-423n4/2024-01-salty/blob/main/src/stable/CollateralAndLiquidity.sol#L95
Vulnerability details
Bug Description
The USDS stablecoin, collateralized by the WBTC/WETH pair in the Salty protocol, has a mechanism to liquidate user collateral when it falls below a certain threshold. By default, collateral becomes eligible for liquidation when it is less than 110% of the borrowed value. While the Salty protocol's DAO can adjust this liquidation threshold, the change is applied globally. This creates a situation where a user's previously safe position can suddenly become vulnerable to liquidation due to a DAO decision to increase the liquidation ratio.
Impact
This issue poses a significant risk to users who have borrowed funds under one set of terms, only to find their collateral suddenly subject to liquidation under new terms. Users with positions previously considered healthy could face unexpected liquidation without the opportunity to react or adjust their collateral.
Proof of Concept
Consider a scenario where a user has deposited 200 dollars worth of collateral and borrowed 100 USDS. If the value of the collateral drops to 110.5 dollars, the position remains safe under the initial 110% threshold. However, if the DAO subsequently increases the liquidation ratio to 111%, this same collateral becomes immediately eligible for liquidation, despite the user's initial agreement and expectations based on the lower ratio.
Tools Used
Manual Review
Recommended Mitigation Steps
To address this issue, the liquidation ratio should be tied to each borrowing instance rather than applied globally. This means tracking the liquidation ratio at the time of each borrow and using this specific ratio to assess the eligibility for liquidation. Such an approach ensures that users are subject to the terms they agreed to at the time of borrowing, providing more predictability and fairness. It also enables users to set up automated systems (like bots) to add collateral proactively, avoiding liquidation as per the terms they initially accepted.
Implementing this change would require modifications to how the liquidation ratio is stored and applied, ensuring it is associated with individual borrow transactions rather than a global parameter subject to change.
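The following sketch illustrates the recommended mitigation. It is an added example, not code from Salty's `CollateralAndLiquidity.sol`, and every contract, function, and variable name in it is hypothetical. It assumes one position per user, re-snapshots the ratio whenever the user borrows more (since they are then accepting the current terms), and leaves collateral valuation and USDS minting out of scope.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration only; all names are hypothetical, not the protocol's own.
contract PerBorrowRatioSketch {
    address public immutable governance;        // stands in for the DAO
    uint256 public globalMinRatioPercent = 110; // default threshold named in the report

    struct Position {
        uint256 borrowedUSDS;    // outstanding debt
        uint256 minRatioPercent; // liquidation ratio in force when the user last borrowed
    }
    mapping(address => Position) public positions;

    constructor() {
        governance = msg.sender;
    }

    function setGlobalMinRatioPercent(uint256 newPercent) external {
        require(msg.sender == governance, "not governance");
        require(newPercent > 100, "ratio must exceed 100%");
        // Only borrows made after this call pick up the new value.
        globalMinRatioPercent = newPercent;
    }

    function borrow(uint256 amount) external {
        require(amount > 0, "zero borrow");
        Position storage pos = positions[msg.sender];
        // Assumption: borrowing again means accepting the current terms.
        pos.minRatioPercent = globalMinRatioPercent;
        pos.borrowedUSDS += amount;
    }

    function repay(uint256 amount) external {
        Position storage pos = positions[msg.sender];
        require(amount <= pos.borrowedUSDS, "repay exceeds debt");
        pos.borrowedUSDS -= amount;
    }

    /// collateralValueUSD must use the same decimals as borrowedUSDS.
    function canBeLiquidated(address user, uint256 collateralValueUSD) external view returns (bool) {
        Position storage pos = positions[user];
        if (pos.borrowedUSDS == 0) return false;
        // collateral / debt < ratio%  <=>  collateral * 100 < debt * ratio
        return collateralValueUSD * 100 < pos.borrowedUSDS * pos.minRatioPercent;
    }
}
```

With the report's numbers (100 USDS borrowed at 110%, collateral worth 110.5 dollars), `canBeLiquidated` stays false after governance raises the global value to 111, because 11050 is not below 11000; under a global check the comparison would be against 11100 and the position would become liquidatable.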
Assessed type
Other