c4-bot-9 closed this issue 4 months ago
JustDravee marked the issue as duplicate of #1258
JustDravee marked the issue as sufficient quality report
koolexcrypto changed the severity to QA (Quality Assurance)
koolexcrypto marked the issue as grade-c
This previously downgraded issue has been upgraded by koolexcrypto
koolexcrypto marked the issue as satisfactory
koolexcrypto marked the issue as duplicate of #175
Lines of code
https://github.com/code-423n4/2024-04-dyad/blob/main/src/core/VaultManagerV2.sol#L156-L169
Vulnerability details
Background
Collateral is a requirement before minting DYAD. The collateral should pass the collateral ratio at the time DYAD is minted. When the collateral value is already below the required collateral ratio, the user should give additional collateral in order to maintain the solvency of the account. If the user fails to give additional funds, his account is subject to liquidation.
Issue
The problem with this is that a certain user (i.e. a well-funded adversary) can deliberately create a lot of small loan accounts by minting NFTs and cause insolvency to the protocol. The process is that the user lets the accounts fall below the collateral ratio and lets the liquidation happen.
However, the liquidation might not happen because of a lack of incentive or profit from the undertaking. The collateral of these small loan accounts can't cover the gas cost of the transaction, making it unprofitable for the liquidator. If the liquidation doesn't happen, this will result in bad debt for the protocol.
Impact
Small loan accounts can't be liquidated, which can cause losses to the protocol.
Proof of Concept
Let's illustrate the scenario here.
Tools Used
Manual Review
Recommended Mitigation Steps
Implement a minimum amount for minting DYAD that is profitable enough to be liquidated.
Assessed type
Other
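The check behind the recommended mitigation, as an added example that is not part of the original report or of the DYAD code base: it models when a liquidator would skip an undercollateralized account and derives the minimum debt size that keeps liquidation profitable. The collateral ratio, liquidation bonus, gas cost, the simplified payout model and all function names are assumptions for illustration.

```python
from dataclasses import dataclass
from decimal import Decimal as D

# Assumed parameters for illustration; none of these are DYAD's real values.
MIN_CR = D("1.5")        # minimum collateral ratio
LIQ_BONUS = D("0.10")    # liquidator's bonus, as a fraction of repaid debt
GAS_COST_USD = D("12")   # cost of one liquidation transaction

@dataclass(frozen=True)
class Position:
    note_id: int
    collateral_usd: D
    debt_usd: D

def liquidator_profit(p, gas=GAS_COST_USD, bonus=LIQ_BONUS):
    # Liquidator repays the debt and seizes collateral worth debt * (1 + bonus),
    # capped at the collateral that actually exists, then pays gas.
    seized = min(p.collateral_usd, p.debt_usd * (1 + bonus))
    return seized - p.debt_usd - gas

def min_profitable_debt(gas=GAS_COST_USD, bonus=LIQ_BONUS):
    # Break-even debt size when collateral covers the bonus: debt * bonus == gas.
    return gas / bonus

def triage(positions, min_cr=MIN_CR):
    """Split undercollateralized positions into those a rational liquidator
    would take and those left as likely bad debt."""
    profitable, stuck = [], []
    for p in positions:
        if p.debt_usd == 0 or p.collateral_usd / p.debt_usd >= min_cr:
            continue  # no debt, or still healthy
        (profitable if liquidator_profit(p) > 0 else stuck).append(p.note_id)
    stuck_debt = sum((p.debt_usd for p in positions if p.note_id in stuck), D(0))
    return profitable, stuck, stuck_debt

def mint_allowed(resulting_debt_usd):
    # The recommended guard: reject mints that leave a debt too small to liquidate.
    return resulting_debt_usd >= min_profitable_debt()

# Constructed sample positions (not taken from the protocol).
SAMPLE = [
    Position(1, D("140"), D("100")),    # below ratio, bonus smaller than gas
    Position(2, D("1400"), D("1000")),  # below ratio, bonus exceeds gas
    Position(3, D("2000"), D("1000")),  # healthy
    Position(4, D("7"), D("5")),        # dust account
    Position(5, D("50"), D("0")),       # no debt
]

if __name__ == "__main__":
    print(triage(SAMPLE), min_profitable_debt())
```

Under these assumed numbers, accounts 1 and 4 are below the ratio but cost more in gas than they pay out, so their debt stays on the books; a minimum debt at or above the break-even value removes that class of account at mint time.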