code-423n4 / 2024-04-revert-mitigation-findings


M-24 MitigationConfirmed #25

Open c4-bot-8 opened 4 months ago

c4-bot-8 commented 4 months ago

Lines of code

Vulnerability details

C4 issue

M-24: Incorrect liquidation fee calculation during underwater liquidation, disincentivizing liquidators to participate

Comment

As stated in the Revert Lend Whitepaper, the liquidation fee for underwater positions is supposed to be 10% of the debt. However, the original code V3Vault._calculateLiquidation calculates it as 10% of the fullValue:

    // all position value
    liquidationValue = fullValue;

    uint256 penaltyValue = fullValue * (Q32 - MAX_LIQUIDATION_PENALTY_X32) / Q32;
    liquidatorCost = penaltyValue;
    reserveCost = debt - penaltyValue;

MAX_LIQUIDATION_PENALTY_X32 = 10% * Q32

Mitigation

PR #7

The mitigation code is as follows:

    uint256 penalty = debt * MAX_LIQUIDATION_PENALTY_X32 / Q32;

    // if value is enough to pay penalty
    if (fullValue > penalty) {
        liquidatorCost = fullValue - penalty;
    } else {
        // this extreme case leads to free liquidation
        liquidatorCost = 0;
    }

    liquidationValue = fullValue;
    reserveCost = debt - liquidatorCost; // Remaining to pay is taken from reserves

In case fullValue > penalty, then liquidatorCost = fullValue - penalty, liquidationValue = fullValue, so the liquidation premium earned by the liquidator is liquidationValue - liquidatorCost = penalty = 0.1 * debt. The mitigation solved the original issue.

Conclusion

LGTM
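
A numeric check of the comparison made in the comment above, added here as an illustration; it is not part of the issue thread or of the Revert codebase. It models the two quoted snippets in Python integer arithmetic. The function names, the sample amounts and the floor rounding of the 10% constant are assumptions.

```python
Q32 = 2**32
# The page gives MAX_LIQUIDATION_PENALTY_X32 = 10% * Q32; flooring it is an assumption.
MAX_LIQUIDATION_PENALTY_X32 = Q32 // 10


def _sub(a, b):
    """Unsigned subtraction: a negative result has no uint256 representation."""
    if b > a:
        raise ArithmeticError("uint256 underflow")
    return a - b


def original_underwater(full_value, debt):
    """Snippet quoted as the original code: fee derived from fullValue."""
    liquidation_value = full_value
    penalty_value = full_value * (Q32 - MAX_LIQUIDATION_PENALTY_X32) // Q32
    liquidator_cost = penalty_value
    reserve_cost = _sub(debt, penalty_value)
    return liquidation_value, liquidator_cost, reserve_cost


def mitigated_underwater(full_value, debt):
    """Snippet quoted as the mitigation: fee derived from debt."""
    penalty = debt * MAX_LIQUIDATION_PENALTY_X32 // Q32
    if full_value > penalty:
        liquidator_cost = full_value - penalty
    else:
        # position value cannot even cover the penalty: free liquidation
        liquidator_cost = 0
    liquidation_value = full_value
    reserve_cost = _sub(debt, liquidator_cost)
    return liquidation_value, liquidator_cost, reserve_cost


def premium(result):
    """What the liquidator receives minus what the liquidator pays."""
    liquidation_value, liquidator_cost, _reserve_cost = result
    return liquidation_value - liquidator_cost


if __name__ == "__main__":
    debt = 1_000_000  # constructed sample amounts, in smallest token units
    for full_value in (600_000, 300_000, 50_000):
        print(full_value,
              premium(original_underwater(full_value, debt)),
              premium(mitigated_underwater(full_value, debt)))
```

With the original snippet the premium shrinks together with the position value, while the mitigated snippet keeps it at 10% of the debt until fullValue drops to the penalty or below, at which point the liquidator pays nothing and receives the whole position.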

c4-judge commented 4 months ago

jhsagd76 marked the issue as satisfactory