code-423n4 / 2024-04-dyad-findings


No incentive to liquidate small positions due to gas costs on Ethereum #1199

Closed c4-bot-4 closed 5 months ago

c4-bot-4 commented 6 months ago

Lines of code

https://github.com/code-423n4/2024-04-dyad/blob/cd48c684a58158de444b24854ffd8f07d046c31b/src/core/VaultManagerV2.sol#L205

Vulnerability details

Impact

There is no incentive to liquidate low value positions such as 5 USD worth of collateral because of gas costs on Ethereum (even worse in high gas scenarios). This causes the protocol to potentially accrue bad debt and become undercollateralized over time.

Proof of Concept

Liquidators will proceed to liquidate users if there is an incentive. If there isn't one, no one will call the liquidate() function.

For example, a user deposits 8 USD worth of collateral and mints 4 DYAD. Let's say the price of the collateral drops, causing the value to go from 8 USD to 5 USD.

Now since the user has 5 USD worth of collateral and has 4 DYAD minted, the user is undercollateralized and must be liquidated in order to ensure that the protocol remains overcollateralized (150% of 4 DYAD = 6 USD minimum threshold required but value of collateral is 5 USD right now).

Because the value of the position is so low, after gas costs on Ethereum, liquidators will not make a profit liquidating this user. In the end, these low value positions will never get liquidated, leaving the protocol with bad debt and can even cause the protocol to be undercollateralized with enough small value accounts being underwater.

Tools Used

Manual Review

Recommended Mitigation Steps

Consider allowing users to mint DYAD if their collateral value is past a certain threshold.

Assessed type

Error
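The economics in the report above, modelled as an added example (not part of the original report and not the protocol's code). It assumes a liquidator repays the full debt and receives that amount plus a share of the surplus collateral; the 20% share, the gas figures and the sample positions are constructed assumptions, and only the 150% threshold and the 8/5 USD, 4 DYAD position come from the report.

```python
from dataclasses import dataclass

MIN_CR = 1.5  # 150% minimum collateral ratio, as stated in the report


@dataclass
class Position:
    collateral_usd: float
    debt_dyad: float  # 1 DYAD is treated as 1 USD


def gas_cost_usd(gas_used, gas_price_gwei, eth_usd):
    """USD cost of one liquidation transaction."""
    return gas_used * gas_price_gwei * 1e-9 * eth_usd


def liquidator_profit(p, bonus_share, gas_usd):
    """Net USD profit for liquidating p, or None if p is not liquidatable.

    Assumed reward model: the liquidator repays the debt and seizes
    debt + bonus_share * (collateral - debt), capped at the collateral.
    """
    if p.collateral_usd >= MIN_CR * p.debt_dyad:
        return None
    surplus = max(p.collateral_usd - p.debt_dyad, 0.0)
    seized = min(p.debt_dyad + bonus_share * surplus, p.collateral_usd)
    return seized - p.debt_dyad - gas_usd


def min_profitable_debt(cr, bonus_share, gas_usd):
    """Smallest debt at collateral ratio cr (1 < cr < MIN_CR) whose
    liquidation reward covers the gas cost."""
    return gas_usd / (bonus_share * (cr - 1.0))


def stuck_debt(positions, bonus_share, gas_usd):
    """Total debt of liquidatable positions nobody is paid to liquidate."""
    total = 0.0
    for p in positions:
        profit = liquidator_profit(p, bonus_share, gas_usd)
        if profit is not None and profit <= 0:
            total += p.debt_dyad
    return total


if __name__ == "__main__":
    gas = gas_cost_usd(200_000, 20, 3_000)  # constructed gas scenario
    book = [Position(5, 4), Position(8, 4), Position(125_000, 100_000)]
    print("gas cost USD:", gas)
    print("profit on 5 USD / 4 DYAD:", liquidator_profit(book[0], 0.2, gas))
    print("break-even debt at CR 1.25:", min_profitable_debt(1.25, 0.2, gas))
    print("debt left unliquidated:", stuck_debt(book, 0.2, gas))
```
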

c4-pre-sort commented 6 months ago

JustDravee marked the issue as duplicate of #1258

c4-pre-sort commented 6 months ago

JustDravee marked the issue as sufficient quality report

c4-judge commented 6 months ago

koolexcrypto changed the severity to QA (Quality Assurance)

c4-judge commented 5 months ago

koolexcrypto marked the issue as grade-c

c4-judge commented 5 months ago

This previously downgraded issue has been upgraded by koolexcrypto

c4-judge commented 5 months ago

koolexcrypto marked the issue as satisfactory

c4-judge commented 5 months ago

koolexcrypto marked the issue as duplicate of #175