When deploying V3Vault contract, minLoanSize is originally set to 0:
// minimal size of loan (to protect from non-liquidatable positions because of gas-cost)
uint256 public minLoanSize = 0;
And in the uniswap v3, minting position does not have any limitation in value: original code
Attacker can mint multiple positions with small amount, transfer them to V3Vault and use them to borrow. When the price change, and these positions is under-collateralzed, there is no incentive for anyone to liquidate them because cost of gas required to call them is more than value of token they receive back.
Impact
Protocol will suffer bad debt because no one is willing to liquidate them
Tools Used
Manual review
Recommended Mitigation Steps
Variable minLoanSize should be set when initalizing this contract.
Lines of code
https://github.com/code-423n4/2024-03-revert-lend/blob/main/src/V3Vault.sol#L550-#L602
Vulnerability details
Vulnerability details
When deploying
V3Vault
contract,minLoanSize
is originally set to 0:And in the uniswap v3, minting position does not have any limitation in value: original code
Attacker can mint multiple positions with small amount, transfer them to
V3Vault
and use them to borrow. When the price change, and these positions is under-collateralzed, there is no incentive for anyone to liquidate them because cost of gas required to call them is more than value of token they receive back.Impact
Protocol will suffer bad debt because no one is willing to liquidate them
Tools Used
Manual review
Recommended Mitigation Steps
Variable
minLoanSize
should be set when initalizing this contract.Assessed type
Other