c4-judge
commented
6 months ago Picodes marked the issue as satisfactory
Open c4-bot-8 opened 7 months ago
c4-judge
commented
6 months ago Picodes marked the issue as satisfactory
Lines of code
Vulnerability details
C4 Issue
https://github.com/code-423n4/2024-01-salty-findings/issues/279
Comments
The protocol enforces a minimum collateral requirement to mitigate the risk that small loans may not be liquidated, potentially leading to bad debt. This safeguard is circumvented by a loophole allowing users to withdraw collateral after taking out a loan, thus reducing their collateral below the minimum threshold. The core issue with small loans lies in the liquidation process; the reward for liquidating a loan is a flat 5% of the collateral, without a minimum fee cap. Considering liquidation and gas costs, it becomes economically unfeasible to liquidate loans if the collateral val. ue drops below a certain point (e.g., $100 USDS) since the liquidation reward does not cover the costs. Hence there will be no incentive to liquidate small loans.
Mitigation
https://github.com/othernet-global/salty-io/commit/8e3231d3f444e9851881d642d6dd03021fade5ed
The mitigation for this issue revolved around the deprecation of number of key components including the removal of the overcollateralized USDS stablecoin framework, borrowing and liquidatios. This means the issue with liquidation of small loans is now nonexistent.