Closed c4-bot-3 closed 5 months ago
raymondfam marked the issue as insufficient quality report
raymondfam marked the issue as primary issue
Readme: Issues related to front-running: can front-run someone's order, liquidation, the chainlink/uniswap oracle update.
hansfriese marked the issue as unsatisfactory: Out of scope
Lines of code
https://github.com/code-423n4/2024-03-dittoeth/blob/91faf46078bb6fe8ce9f55bcb717e5d2d302d22e/contracts/facets/ExitShortFacet.sol#L41
https://github.com/code-423n4/2024-03-dittoeth/blob/91faf46078bb6fe8ce9f55bcb717e5d2d302d22e/contracts/facets/ExitShortFacet.sol#L87
https://github.com/code-423n4/2024-03-dittoeth/blob/91faf46078bb6fe8ce9f55bcb717e5d2d302d22e/contracts/facets/ExitShortFacet.sol#L142
https://github.com/code-423n4/2024-03-dittoeth/blob/91faf46078bb6fe8ce9f55bcb717e5d2d302d22e/contracts/facets/PrimaryLiquidationFacet.sol#L47
Vulnerability details
Impact
A malicious user can avoid liquidation by front-running a liquidation call that would liquidate their unhealthy position. This can jeopardise the protocol's solvency.
Proof of Concept
This vulnerability is born from the fact that there is a missing check for the state of health of the SR's position in the exitShortWallet(...), exitShortErcEscrowed(...) and exitShort(...) functions respectively, and as such even unhealthy SRs can be liquidated.
Scenario
Liquidate(...) to liquidate the position
exitShortErcEscrowed(...) to exit his short, making the liquidator's call fail and gets
Tools Used
Manual review
Recommended Mitigation Steps
My recommendation here is only part of the recommendation I gave in a separate issue I submitted for this contest titled "Bad debt socialisation can lead to premature liquidation of healthy positions that exit partially".
In the exitShortWallet(...), exitShortErcEscrowed(...) and exitShort(...) functions, add a check to ensure the SR's CR is above the liquidation CR (i.e. the position is properly collateralised) before updateErcDebt(...) is called in all the exit functions.
Assessed type
Invalid Validation
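The following is an added illustration of the recommended mitigation, written for this page; it is not DittoETH's code and does not reproduce the real ExitShortFacet or PrimaryLiquidationFacet. Every name in it (ShortExitGuardExample, ShortRecord, openShort, setOraclePrice, collateralRatio, isLiquidatable, exitShortUnchecked, exitShort, _updateErcDebt, LIQUIDATION_CR) and every number (the 150% threshold, the 1e18 scaling) is a hypothetical stand-in. It places the reported pattern (debt reduced with no health check) next to the guarded form, where the exit reverts while the record sits below the liquidation CR, so a position that is already liquidatable cannot be exited ahead of a pending liquidation.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added example, not DittoETH code: a minimal short-record store that shows the
/// recommended guard. Exit paths compare the position's collateral ratio (CR)
/// with the liquidation CR before any debt is reduced. All names, struct fields
/// and thresholds are hypothetical.
contract ShortExitGuardExample {
    uint256 public constant ONE = 1e18;
    uint256 public constant LIQUIDATION_CR = 1.5e18; // 150%, 1e18-scaled (hypothetical)

    struct ShortRecord {
        uint256 collateral; // collateral held, collateral-asset units, 1e18-scaled
        uint256 ercDebt;    // debt owed, debt-asset units, 1e18-scaled
    }

    mapping(address => ShortRecord) public shorts;
    uint256 public oraclePrice; // collateral units per 1 debt unit, 1e18-scaled

    error ShortBelowLiquidationCR(uint256 cr, uint256 threshold);
    error ExceedsDebt();

    constructor(uint256 initialPrice) {
        oraclePrice = initialPrice;
    }

    // Hypothetical helpers so the contract can be exercised in isolation.
    function openShort(uint256 collateral, uint256 ercDebt) external {
        shorts[msg.sender] = ShortRecord(collateral, ercDebt);
    }

    function setOraclePrice(uint256 price) external {
        oraclePrice = price;
    }

    /// CR = collateral / (debt * price), 1e18-scaled.
    /// A record with no debt (or negligible debt value) is treated as fully healthy.
    function collateralRatio(address owner) public view returns (uint256) {
        ShortRecord storage sr = shorts[owner];
        if (sr.ercDebt == 0) return type(uint256).max;
        uint256 debtValue = sr.ercDebt * oraclePrice / ONE; // debt expressed in collateral units
        if (debtValue == 0) return type(uint256).max;
        return sr.collateral * ONE / debtValue;
    }

    function isLiquidatable(address owner) public view returns (bool) {
        return collateralRatio(owner) < LIQUIDATION_CR;
    }

    /// The pattern the report describes: debt is reduced with no health check,
    /// so an owner whose CR is already below LIQUIDATION_CR can still exit.
    function exitShortUnchecked(uint256 buybackAmount) external {
        _updateErcDebt(msg.sender, buybackAmount);
    }

    /// Recommended form: the health check runs before the debt update, so an
    /// under-collateralised record stays in place for the liquidation path.
    function exitShort(uint256 buybackAmount) external {
        uint256 cr = collateralRatio(msg.sender);
        if (cr < LIQUIDATION_CR) revert ShortBelowLiquidationCR(cr, LIQUIDATION_CR);
        _updateErcDebt(msg.sender, buybackAmount);
    }

    /// Hypothetical stand-in for the debt-update step the report names.
    function _updateErcDebt(address owner, uint256 buybackAmount) internal {
        ShortRecord storage sr = shorts[owner];
        if (buybackAmount > sr.ercDebt) revert ExceedsDebt();
        sr.ercDebt -= buybackAmount;
    }
}
```

With constructed values, openShort(150e18, 100e18) at oraclePrice 1e18 gives a CR of exactly 1.5e18, so isLiquidatable is false and both exit paths succeed. After setOraclePrice(1.2e18) the debt is worth 120e18 collateral units and the CR drops to 1.25e18: exitShortUnchecked still reduces the debt, while exitShort reverts with ShortBelowLiquidationCR, which is the behaviour the mitigation asks for. The ordering matters: the check has to read the CR before _updateErcDebt runs, because the debt update is what would change the ratio.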