c4-judge
commented
4 months ago jhsagd76 marked the issue as satisfactory
Open c4-bot-6 opened 4 months ago
c4-judge
commented
4 months ago jhsagd76 marked the issue as satisfactory
Lines of code
Vulnerability details
C4 Issue
M-15: Users' newly created positions can be prematurely closed and removed from the vault...
Issue Details
V3Vault.solexposed a vulnerability where newly created positions without any debt, could be prematurely closed and removed from the vault by front-running their firstborrow()call with arepay()call.Since
repay()transfers back the positions to their owners after full debt repayment, it was very easy for anyone to close any position immediately after it was created because debt is 0, which means no funds will be repaid and the position still gets transferred out of the vaultMitigation
PR-8 successfully mitigates the original issue by introducing the following 2 changes:
pull over pushpattern, where NFT transfers do not happen automatically, but through a separate function calledremove()that should be called by the owners explicitlyrepay()that prevents 0 shares repaymentsConclusion
Mitigation Confirmed