Lines of code
Vulnerability details
C4 Issue
M-16: Repayments and liquidations can be forced to revert by an attacker that repays miniscule amount of shares
Issue Details
V3Vault.sol had checks inside repay() and liquidate() that reverted the transaction when the amount of debt an account tried to repay exceeded the outstanding debt shares of the position.
This created an opportunity for attackers to DoS liquidations and repayments in the protocol by front-running them with dust-amount repayments that reduce a position's debt by 1 share, making it very cheap to exploit.
Mitigation
PR-14 successfully mitigates the original issue that was present in repay() and liquidate():
repay() - the check has been modified so that, instead of reverting when the shares to repay exceed the position's debt, it reduces them to the amount of the position's debt:
liquidate() - the following check has been removed:
Comment
The changes in the PR introduce a new bug due to an incorrect shares conversion in the _deposit() function. I'm submitting it as a separate issue.
Conclusion
Mitigation Confirmed
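
The revert-versus-clamp change described under Mitigation, shown as an added Solidity example that is not code from V3Vault.sol or PR-14. The contract, function names, error and event are hypothetical, and the asset transfer is left out.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Hypothetical minimal debt ledger, constructed for illustration.
/// Not the V3Vault implementation: names, storage layout and the error are assumptions.
contract DebtLedgerExample {
    error RepayExceedsDebt();

    // positionId => outstanding debt shares
    mapping(uint256 => uint256) public debtShares;

    event Repaid(uint256 indexed positionId, uint256 sharesRequested, uint256 sharesApplied);

    /// Illustration-only helper that opens debt on a position (no access control).
    function setDebt(uint256 positionId, uint256 shares) external {
        debtShares[positionId] = shares;
    }

    /// Pre-fix pattern: revert when the request exceeds what is owed.
    /// A caller who read debt = N and submits a repayment of N shares reverts
    /// if the debt has dropped to N - 1 by the time the transaction executes.
    function repayStrict(uint256 positionId, uint256 shares) external {
        uint256 current = debtShares[positionId];
        if (shares > current) revert RepayExceedsDebt();
        debtShares[positionId] = current - shares;
        emit Repaid(positionId, shares, shares);
    }

    /// Post-fix pattern: clamp the request to the outstanding debt.
    /// Returns the shares actually applied; any asset amount charged to the
    /// caller must be derived from `applied`, not from the requested `shares`.
    function repayClamped(uint256 positionId, uint256 shares)
        external
        returns (uint256 applied)
    {
        uint256 current = debtShares[positionId];
        applied = shares > current ? current : shares;
        debtShares[positionId] = current - applied;
        emit Repaid(positionId, shares, applied);
    }
}
```

With a position at 100 debt shares that is reduced to 99 before the call lands, `repayStrict(id, 100)` reverts while `repayClamped(id, 100)` applies 99 and clears the debt.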