A user is not allowed to borrow any USDS if the value of their collateral in USD is less than minimumCollateralValueForBorrowing. However, this limit can be bypassed by withdrawing collateral after borrowing a small amount of USDS, because CollateralAndLiquidity#withdrawCollateralAndClaim() does not check minimumCollateralValueForBorrowing. If this small position becomes undercollateralized, it might not be liquidated because there is insufficient incentive, resulting in a loss for the protocol.
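The gap described above, as an added Python model rather than the project's Solidity code. The `Vault` class, the 2500 USD floor, the 200% ratio and the ratio check on withdrawal are assumptions made for illustration, and the hardened branch is one possible check, not the project's mitigation.

```python
from dataclasses import dataclass

MIN_COLLATERAL_VALUE_FOR_BORROWING = 2500  # USD, constructed sample value
INITIAL_COLLATERAL_RATIO = 2.0  # constructed: collateral >= 200% of debt

@dataclass
class Position:
    collateral_usd: float = 0.0
    borrowed_usds: float = 0.0

class Vault:
    """Toy model; enforce_min_on_withdraw=False reproduces the reported gap."""
    def __init__(self, enforce_min_on_withdraw: bool):
        self.enforce_min_on_withdraw = enforce_min_on_withdraw
        self.positions = {}

    def deposit(self, user, usd):
        self.positions.setdefault(user, Position()).collateral_usd += usd

    def borrow(self, user, usds):
        p = self.positions[user]
        # The floor is enforced on the borrow path only.
        if p.collateral_usd < MIN_COLLATERAL_VALUE_FOR_BORROWING:
            raise ValueError("collateral below minimum for borrowing")
        if p.collateral_usd < (p.borrowed_usds + usds) * INITIAL_COLLATERAL_RATIO:
            raise ValueError("exceeds max borrowable")
        p.borrowed_usds += usds

    def withdraw(self, user, usd):
        p = self.positions[user]
        remaining = p.collateral_usd - usd
        if remaining < p.borrowed_usds * INITIAL_COLLATERAL_RATIO:
            raise ValueError("would exceed collateral ratio")
        # Hardened path: open debt must keep the floor that borrow() enforced.
        if (self.enforce_min_on_withdraw and p.borrowed_usds > 0
                and remaining < MIN_COLLATERAL_VALUE_FOR_BORROWING):
            raise ValueError("collateral below minimum while debt is open")
        p.collateral_usd = remaining

def dust_position_possible(enforce_min_on_withdraw: bool) -> bool:
    """True if a position with debt can end up below the borrowing minimum."""
    v = Vault(enforce_min_on_withdraw)
    v.deposit("alice", 2500)
    v.borrow("alice", 1)
    try:
        v.withdraw("alice", 2498)  # would leave 2 USD backing 1 USDS
    except ValueError:
        return False
    p = v.positions["alice"]
    return p.borrowed_usds > 0 and p.collateral_usd < MIN_COLLATERAL_VALUE_FOR_BORROWING
```

With the check absent the ratio test alone still passes, which is why the dust position is reachable; with it present, a user with no debt can still withdraw everything.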
Mitigation
commit 8e3231d
The mitigation removed the whole stablecoin framework: /stablecoin, /price_feed, WBTC/WETH collateral, PriceAggregator, price feeds and USDS.
The original issue is resolved, since the flawed function and the affected modules have been removed entirely.
Conclusion
Confirmed