code-423n4 / 2024-04-revert-mitigation-findings


M-09 MitigationConfirmed #15

Open c4-bot-7 opened 4 months ago

c4-bot-7 commented 4 months ago

Lines of code

Vulnerability details

C4 issue

M-09: Liquidation reward sent to msg.sender instead of recipient

Comment

The issue is that the liquidation reward is sent to msg.sender instead of the recipient in the LiquidateParams config:

```solidity
struct LiquidateParams {
    // token to liquidate
    uint256 tokenId;
    // expected debt shares - reverts if changed in the meantime
    uint256 debtShares;
    // min amount to receive
    uint256 amount0Min;
    uint256 amount1Min;
    // recipient of rewarded tokens
    address recipient;
    // if permit2 signatures are used - set this
    bytes permitData;
}
```

```solidity
// send promised collateral tokens to liquidator
(amount0, amount1) =
    _sendPositionValue(params.tokenId, state.liquidationValue, state.fullValue, state.feeValue, msg.sender);
```

Mitigation

PR #20

The mitigation code changes msg.sender to params.recipient to send the liquidation reward to the input recipient instead:

```solidity
// send promised collateral tokens to liquidator
(amount0, amount1) = _sendPositionValue(
    params.tokenId, state.liquidationValue, state.fullValue, state.feeValue, params.recipient, params.deadline
);
```

The mitigation solved the original issue.

Conclusion

LGTM
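A regression check for the behaviour confirmed above, as an added example that is not code from the audited repository or from PR #20. It uses a toy model: `ToyVault`, `RecipientCheck`, `payouts`, `REWARD` and the `mitigated` flag are hypothetical names, and the payout ledger stands in for the real collateral transfer.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Toy model only (hypothetical names): reproduces the payout-destination
// choice from M-09, not the real vault's accounting or token transfers.
contract ToyVault {
    struct LiquidateParams {
        uint256 tokenId;
        // recipient of rewarded tokens
        address recipient;
    }

    uint256 public constant REWARD = 100;
    // Stand-in ledger for collateral tokens paid out on liquidation.
    mapping(address => uint256) public payouts;

    // mitigated == false models the reported behaviour (pay msg.sender);
    // mitigated == true models the fix (pay params.recipient).
    function liquidate(LiquidateParams calldata params, bool mitigated) external {
        address to = mitigated ? params.recipient : msg.sender;
        payouts[to] += REWARD;
    }
}

// Acts as a liquidator contract whose own address differs from the
// recipient, which is the case where the original bug is observable.
contract RecipientCheck {
    ToyVault private vault = new ToyVault();

    /// @return paidToRecipient true only if the reward landed on `recipient`
    ///         and nothing was credited to this calling contract.
    function check(address recipient, bool mitigated) external returns (bool paidToRecipient) {
        require(recipient != address(this), "recipient must differ from caller");
        uint256 prevRecipient = vault.payouts(recipient);
        uint256 prevCaller = vault.payouts(address(this));

        vault.liquidate(ToyVault.LiquidateParams({tokenId: 1, recipient: recipient}), mitigated);

        return vault.payouts(recipient) == prevRecipient + vault.REWARD()
            && vault.payouts(address(this)) == prevCaller;
    }
}
```

The same two assertions (recipient credited, caller not credited) are the ones to carry into a test against the real liquidation path, with the caller and `params.recipient` set to different addresses.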

c4-judge commented 4 months ago

jhsagd76 marked the issue as satisfactory