code-423n4 / 2024-01-salty-findings


Lack of Time-Based Restriction for liquidateUser Function #694

Closed c4-bot-8 closed 9 months ago

c4-bot-8 commented 9 months ago

Lines of code

https://github.com/code-423n4/2024-01-salty/blob/53516c2cdfdfacb662cdea6417c52f23c94d5b5b/src/stable/CollateralAndLiquidity.sol#L140-L188

Vulnerability details

Impact

The lack of a time-based restriction exposes the system to potential abuse, as users might liquidate positions immediately after depositing or borrowing, without allowing for a reasonable time period for market fluctuations or system adjustments.

Proof of Concept

The liquidateUser function, responsible for liquidating undercollateralized positions, does not include a time-based restriction. While the code checks various conditions, it does not verify whether a certain amount of time has passed since the user's last deposit or borrow action, potentially allowing immediate liquidation after these actions.

```solidity
// Example code snippet from liquidateUser function
function liquidateUser(address wallet) external nonReentrant {
    require(wallet != msg.sender, "Cannot liquidate self");

    // Additional conditions...

    // Withdraw the liquidated collateral from the liquidity pool.
    // The liquidity is owned by this contract so when it is withdrawn it will be reclaimed by this contract.
    (uint256 reclaimedWBTC, uint256 reclaimedWETH) = pools.removeLiquidity(wbtc, weth, userCollateralAmount, 0, 0, totalShares[collateralPoolID]);

    // Additional actions...
}
```

Tools Used

Manual

Recommended Mitigation Steps

Implement a time-based restriction within the liquidateUser function, ensuring that users can only trigger liquidation if a predefined time period has passed since their last deposit or borrow action.

Assessed type

Invalid Validation
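For readers weighing the recommended mitigation, the following is an added illustration of what a "time since last deposit or borrow" gate on liquidation looks like in practice. It is not Salty's `CollateralAndLiquidity` contract and not code from the report: the contract name, the 110% collateral ratio, the one-hour delay, the price-feed stub and all storage names are assumptions made for the example. The comment inside `liquidateUser` records the trade-off such a gate carries.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Hypothetical vault used only to illustrate the report's proposed mitigation.
/// Not the project's contract; ratios, delay and names are assumed for the example.
contract DelayedLiquidationVault {
    uint256 public constant MIN_LIQUIDATION_DELAY = 1 hours;   // assumed grace period
    uint256 public constant MIN_COLLATERAL_RATIO_BPS = 11_000; // 110%, assumed threshold

    // Collateral and debt are tracked in one value unit (e.g. USD, 18 decimals);
    // a single assumed price converts collateral tokens into that unit.
    uint256 public collateralPrice = 1e18; // assumed price, 1e18 == 1.0

    mapping(address => uint256) public collateralAmount;
    mapping(address => uint256) public debtAmount;
    mapping(address => uint256) public lastActionTimestamp; // last deposit or borrow

    event Liquidated(address indexed wallet, address indexed liquidator, uint256 collateralSeized);

    function deposit(uint256 amount) external {
        collateralAmount[msg.sender] += amount;
        lastActionTimestamp[msg.sender] = block.timestamp; // starts the liquidation delay
    }

    function borrow(uint256 amount) external {
        debtAmount[msg.sender] += amount;
        require(_isHealthy(msg.sender), "would be undercollateralized");
        lastActionTimestamp[msg.sender] = block.timestamp; // restarts the liquidation delay
    }

    /// Price-feed stub for the example; a real system reads an oracle and restricts this.
    function setCollateralPrice(uint256 price) external {
        collateralPrice = price;
    }

    /// Exposed separately so monitoring can tell *why* a position is not yet liquidatable.
    function liquidationStatus(address wallet) public view returns (bool healthy, bool delayElapsed) {
        healthy = _isHealthy(wallet);
        delayElapsed = block.timestamp >= lastActionTimestamp[wallet] + MIN_LIQUIDATION_DELAY;
    }

    function liquidateUser(address wallet) external {
        require(wallet != msg.sender, "Cannot liquidate self");
        require(debtAmount[wallet] > 0, "nothing to liquidate");

        (bool healthy, bool delayElapsed) = liquidationStatus(wallet);
        require(!healthy, "position is sufficiently collateralized");

        // The time gate the report proposes. Caveat: while it holds, an undercollateralized
        // position cannot be closed, so the protocol carries the shortfall for the whole
        // window no matter how far the price has moved in the meantime.
        require(delayElapsed, "liquidation delay not elapsed");

        uint256 seized = collateralAmount[wallet];
        collateralAmount[wallet] = 0;
        debtAmount[wallet] = 0;
        emit Liquidated(wallet, msg.sender, seized);
        // Distribution of the seized collateral (liquidator reward, treasury) is omitted here.
    }

    function _isHealthy(address wallet) internal view returns (bool) {
        uint256 debt = debtAmount[wallet];
        if (debt == 0) return true;
        uint256 collateralValue = collateralAmount[wallet] * collateralPrice / 1e18;
        // collateralValue / debt >= 110%, written without division; 0.8 reverts on overflow.
        return collateralValue * 10_000 >= debt * MIN_COLLATERAL_RATIO_BPS;
    }
}
```

The `liquidationStatus` view is the piece a defender actually wants: it separates "is the position unhealthy" from "has the delay elapsed", so an alerting job can flag positions that are already below the ratio but still shielded by the timer, which is exactly the exposure the gate introduces and the reason liquidation functions are usually kept callable as soon as the health check fails.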

Picodes commented 9 months ago

See https://github.com/code-423n4/2024-01-salty-findings/issues/891

c4-judge commented 9 months ago

Picodes marked the issue as unsatisfactory: Invalid