Open c4-bot-8 opened 6 months ago
cryptotechmaker marked the issue as disagree with severity
Informational
dmvt marked the issue as primary issue
0xRektora (sponsor) confirmed
I agree with @cryptotechmaker. Although that'd sometime kill the functionality, there's no harm being done. Position repayment can still be done on the same chain. Attacker has no incentives to do so.
This finding is the written POC version of #154
The root cause is the same which is that repayAmount
is part
instead of elastic
@GalloDaSballo I believe this issue isn't related to issue #154, since this problem represents the manipulation of interest rates when repaying 100% of the debt. It's similar to a recommendation of slippage check for repayment. While #154 is about the missing conversion from shares to part of debt when calling repay()
, which leads to incorrectly using the user's funds. The code snippet and mitigation are different, you should check it carefully.
dmvt changed the severity to QA (Quality Assurance)
dmvt marked the issue as grade-a
Acknowledge
Lines of code
https://github.com/Tapioca-DAO/tapioca-periph/blob/2ddbcb1cde03b548e13421b2dba66435d2ac8eb5/contracts/Magnetar/modules/MagnetarOptionModule.sol#L169-L208
Vulnerability details
Impact
Since Magnetar performs xChain Operations, that can take some (small) amount of time
For calls that expect to repay 100% of the debt and withdraw their collateral
A front-runner can quickly borrow as much
asset
as they can onBB
to raise the interest rateThis will cause the
repay
request to fail as therepayAmount
is not anamount
but rather apart
, shares of the total debtMeaning that the caller may not have sufficient credit to repay
https://github.com/Tapioca-DAO/tapioca-periph/blob/2ddbcb1cde03b548e13421b2dba66435d2ac8eb5/contracts/Magnetar/modules/MagnetarOptionModule.sol#L169-L208
POC
Mitigation
It's worth investigating whether a full repayment is always possible, as interest rates could cause debt to grow
Overall changing the logic to repay to be in asset amounts, and making end users aware of this risk should be sufficient
Assessed type
MEV