The issue describes how the protocol's functions to adjust the minimumCollateralRatioPercent and rewardPercentForCallingLiquidation inadvertently compromise its aim to maintain a collateral buffer of at least 105% against market volatility, due to a calculation oversight. The issue arises because the liquidation reward is computed as a percentage of the collateral amount rather than the borrowed amount, leading to situations where, after liquidation rewards are accounted for, the remaining collateral ratio falls below the intended 105% threshold.
The mitigation for this issue revolved around the deprecation of number of key components including the removal of the overcollateralized USDS stablecoin framework, adding collateral, liquidations etc.
Lines of code
Vulnerability details
C4 Issue
https://github.com/code-423n4/2024-01-salty-findings/issues/118
Comments
The issue describes how the protocol's functions to adjust the minimumCollateralRatioPercent and rewardPercentForCallingLiquidation inadvertently compromise its aim to maintain a collateral buffer of at least 105% against market volatility, due to a calculation oversight. The issue arises because the liquidation reward is computed as a percentage of the collateral amount rather than the borrowed amount, leading to situations where, after liquidation rewards are accounted for, the remaining collateral ratio falls below the intended 105% threshold.
Mitigation
https://github.com/othernet-global/salty-io/commit/8e3231d3f444e9851881d642d6dd03021fade5ed
The mitigation for this issue revolved around the deprecation of number of key components including the removal of the overcollateralized USDS stablecoin framework, adding collateral, liquidations etc.
Conclusion
LGTM