c4-judge
commented
4 months ago jhsagd76 marked the issue as satisfactory
Open c4-bot-5 opened 4 months ago
c4-judge
commented
4 months ago jhsagd76 marked the issue as satisfactory
Lines of code
Vulnerability details
C4 Issue
H-06: Owner of a position can prevent liquidation due to the 'onERC721Received' callback
Issue Details
Liquidating a position in
V3Vault.solused to directly send back the NFT to its owner in the same transaction. This allowed a malicious borrower contract to make itsonERC721Received()function revert and prevent liquidation from happeningMitigation
PR-8 successfully mitigates the original issue by implementing the
pull over pushpattern when returning position NFTs to their owners:_cleanupLoan()function used insideliquidate()to send the liquidated position NFT to its owner has been refactored so that it only clears the position from the loan, without sending it directly.remove()method has been added, so that the owner can withdraw the NFT from the protocolDue to the changes,
liquidation()cannot be DOSed through this vector.Conclusion
Mitigation Confirmed