code-423n4 / 2024-03-revert-lend-findings


Borrowers can stop liquidations by front running them with minuscule repays #500

Closed c4-bot-3 closed 6 months ago

c4-bot-3 commented 6 months ago

Lines of code

https://github.com/code-423n4/2024-03-revert-lend/blob/435b054f9ad2404173f36f0f74a5096c894b12b7/src/V3Vault.sol#L696-L698

Vulnerability details

Impact

A malicious user can stop themselves from being liquidated, effecting more losses on the vault.

Proof of Concept

`V3Vault.liquidate` requires that the debt shares supplied in the liquidator's params are the same as the NFT id's debt shares, else it reverts. A malicious actor could take advantage of this by repaying very small amounts, e.g. 1 or 2 unit amounts, whenever they are about to be liquidated, to make sure the debt shares decrease without actually making the position solvent.

Tools Used

Manual analysis

Recommended Mitigation Steps

Dust repays should not be allowed, and the above code block should be removed.

Assessed type

Other
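
The interaction described in the report above, as an added Python model that is not part of the original submission and not the V3Vault code. It assumes one debt share equals one unit of debt; `LoanModel`, `DebtSharesMismatch`, `min_repay` and `exact_match` are hypothetical names, the last two modelling the two recommended mitigations.

```python
class DebtSharesMismatch(Exception):
    """Hypothetical name for the revert raised when the supplied shares differ."""


class LoanModel:
    """Simplified single-loan model; 1 debt share == 1 unit of debt (assumption)."""

    def __init__(self, debt_shares, collateral_value, min_repay=0, exact_match=True):
        self.debt_shares = debt_shares
        self.collateral_value = collateral_value
        self.min_repay = min_repay      # > 0 models "dust repays not allowed"
        self.exact_match = exact_match  # False models "remove the check"

    def is_healthy(self):
        return self.collateral_value >= self.debt_shares

    def repay(self, shares):
        # A full repay is always allowed; partial repays must meet the minimum.
        if shares < self.debt_shares and shares < self.min_repay:
            raise ValueError("repay below minimum")
        self.debt_shares -= min(shares, self.debt_shares)

    def liquidate(self, expected_debt_shares):
        if self.is_healthy():
            raise ValueError("position is healthy")
        if self.exact_match and expected_debt_shares != self.debt_shares:
            raise DebtSharesMismatch(expected_debt_shares, self.debt_shares)
        cleared, self.debt_shares = self.debt_shares, 0
        return cleared


def run_scenario(repay_amount, min_repay=0, exact_match=True):
    """Liquidator reads debt shares, a repay lands first, then liquidate executes."""
    loan = LoanModel(debt_shares=1000, collateral_value=900,
                     min_repay=min_repay, exact_match=exact_match)  # constructed values
    observed = loan.debt_shares          # value the liquidator puts in its params
    try:
        loan.repay(repay_amount)         # transaction ordered ahead of the liquidation
    except ValueError:
        pass                             # dust repay rejected; shares unchanged
    try:
        return ("liquidated", loan.liquidate(observed))
    except DebtSharesMismatch:
        return ("blocked", loan.debt_shares)


if __name__ == "__main__":
    print(run_scenario(1))                      # behaviour described in the report
    print(run_scenario(1, min_repay=50))        # dust repay rejected
    print(run_scenario(1, exact_match=False))   # equality check removed
```

In this model a repay at or above `min_repay` still changes the share count, so the minimum alone raises the cost of blocking a liquidation rather than removing it.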

c4-pre-sort commented 6 months ago

0xEVom marked the issue as sufficient quality report

c4-pre-sort commented 6 months ago

0xEVom marked the issue as duplicate of #231

c4-pre-sort commented 6 months ago

0xEVom marked the issue as duplicate of #222

c4-judge commented 6 months ago

jhsagd76 changed the severity to 2 (Med Risk)

c4-judge commented 6 months ago

jhsagd76 marked the issue as satisfactory