Closed c4-bot-1 closed 4 months ago
raymondfam marked the issue as insufficient quality report
raymondfam marked the issue as primary issue
Inadequate proof to support your described issue.
hansfriese marked the issue as unsatisfactory: Insufficient proof
Lines of code
https://github.com/code-423n4/2024-03-dittoeth/blob/91faf46078bb6fe8ce9f55bcb717e5d2d302d22e/contracts/facets/PrimaryLiquidationFacet.sol#L47-L90
https://github.com/code-423n4/2024-03-dittoeth/blob/91faf46078bb6fe8ce9f55bcb717e5d2d302d22e/contracts/libraries/LibSRUtil.sol#L102-L122
https://github.com/code-423n4/2024-03-dittoeth/blob/91faf46078bb6fe8ce9f55bcb717e5d2d302d22e/contracts/libraries/LibSRUtil.sol#L22-L47
Vulnerability details
Summary
A shorter can repay the ercDebt on their Short Record to trigger Recovery Mode and then liquidate users
Vulnerability Details
The idea behind Recovery Mode is a higher CR limit, which is imposed on Short Records when certain functions are called on them. Whether the higher CR limit gets imposed is determined by `checkRecoveryModeViolation()` and the calculation of an Asset's CR as a whole:

This effectively gives external control over the setting of `recoveryCR`. When a shorter reduces their Short Record's `ercDebt` they will cause `Asset.dethCollateral` to decrease also. This could be achieved by the repayment of Short Records with very healthy CRs via the short repayment functions in `ExitShortFacet.sol` which call `disburseCollateral()`:

Although `recoveryCR` will equal `liquidationCR` initially for dUSD, this will not be the case for all assets, and maybe not `dUSD` in the long term.

Impact
Being able to trigger a change of CR to a higher level can be very damaging to users of the protocol, allowing an attacker to build up large short positions before crashing `assetCR` and liquidating users before they have time to adjust to the new CR requirement.

Tools Used
Manual Review, Foundry Testing
Recommendations
Consider a reduced incentive for liquidators at this higher level
Assessed type
Other
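The report's argument rests on `assetCR` being computed from the asset-wide totals (`Asset.dethCollateral` over `Asset.ercDebt` at the oracle price), so that closing an individual Short Record moves the aggregate. The Python model below is added here as an illustration and is not part of the report or of the DittoETH code base. It treats the asset CR as a debt-weighted average of the individual record CRs and shows both directions of the effect: exiting a record whose CR is above the average lowers the asset CR, exiting one below the average raises it. The shape of `recovery_mode_violation()`, the `recoveryCR` value, the price and the record figures are assumptions chosen for illustration, not values from the page.

```python
"""Aggregate-CR model for the Recovery Mode check discussed in the report.

Constructed example, not DittoETH code. Assumes (as the report states) that the
asset CR is assetCR = dethCollateral / (ercDebt * price) over the asset totals
and that the higher recoveryCR bar applies only while assetCR < recoveryCR.
"""
from dataclasses import dataclass
from fractions import Fraction
from typing import Dict, List, Optional


@dataclass(frozen=True)
class ShortRecord:
    """One short position: dETH collateral backing ercDebt units of the asset."""
    collateral: Fraction  # dethCollateral of this record
    erc_debt: Fraction    # ercDebt of this record

    def cr(self, price: Fraction) -> Fraction:
        # Collateral ratio of a single record: collateral / (debt valued in dETH).
        return self.collateral / (self.erc_debt * price)


def asset_cr(shorts: List[ShortRecord], price: Fraction) -> Optional[Fraction]:
    """Asset-wide CR from the aggregate totals.

    Because it is totals over totals, it equals the debt-weighted average of the
    individual CRs: removing a record above the average lowers it, removing one
    below the average raises it.
    """
    total_coll = sum((s.collateral for s in shorts), Fraction(0))
    total_debt = sum((s.erc_debt for s in shorts), Fraction(0))
    if total_debt == 0:
        return None  # no open debt: there is no asset CR to compare against
    return total_coll / (total_debt * price)


def recovery_mode_violation(shorts: List[ShortRecord], short: ShortRecord,
                            price: Fraction, recovery_cr: Fraction) -> bool:
    """Assumed shape of checkRecoveryModeViolation() for this model: a record is
    held to recoveryCR only when both its own CR and the asset-wide CR are below
    recoveryCR. The real check lives in LibSRUtil.sol and may differ in detail."""
    a_cr = asset_cr(shorts, price)
    return a_cr is not None and short.cr(price) < recovery_cr and a_cr < recovery_cr


def exit_short(shorts: List[ShortRecord], index: int) -> List[ShortRecord]:
    """Full repayment of one record: its ercDebt is cleared and its collateral
    leaves the asset totals (the disburseCollateral() effect the report describes)."""
    return [s for i, s in enumerate(shorts) if i != index]


# Constructed figures: price is dETH per unit of debt (1 dUSD = 1/2000 dETH).
PRICE = Fraction(1, 2000)
RECOVERY_CR = Fraction(17, 10)  # assumed recoveryCR of 170%
SHORTS = [
    ShortRecord(Fraction(3, 2), Fraction(1000)),  # CR 3.00, well above average
    ShortRecord(Fraction(4, 5), Fraction(1000)),  # CR 1.60, below recoveryCR
    ShortRecord(Fraction(3, 4), Fraction(1000)),  # CR 1.50, lowest record
]


def run_scenario() -> Dict[str, float]:
    """Asset CR and record B's recovery-mode status before and after two different exits."""
    after_high = exit_short(SHORTS, 0)  # healthiest record repaid in full
    after_low = exit_short(SHORTS, 2)   # weakest record repaid in full
    return {
        "asset_cr_before": float(asset_cr(SHORTS, PRICE)),
        "b_violates_before": recovery_mode_violation(SHORTS, SHORTS[1], PRICE, RECOVERY_CR),
        "asset_cr_after_high_exit": float(asset_cr(after_high, PRICE)),
        "b_violates_after_high_exit": recovery_mode_violation(after_high, after_high[0], PRICE, RECOVERY_CR),
        "asset_cr_after_low_exit": float(asset_cr(after_low, PRICE)),
    }


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(f"{key}: {value}")
```

The aggregate moves only because the exited record sits far from the debt-weighted mean; a record at or near the asset's average CR leaves `assetCR` essentially unchanged. A reviewer wanting to test the report's claim on real figures would replace the constructed records with the on-chain totals and ask whether any single record's exit is large enough to take `assetCR` from above `recoveryCR` to below it.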