M-16 MitigationConfirmed

[c4-bot-2]

Lines of code

Vulnerability details

C4 Issue

M-16: Repayments and liquidations can be forced to revert by an attacker that repays miniscule amount of shares

Issue Details

V3Vault.sol had checks inside repay() and liquidate() that reverted the transactions in case the amount of debt an account tries to repay exceeds the outstanding debt shares of the position.

This created an opportunity for attackers to DOS liquidations and repayments in the protocol by front running them with dust amount repayments which reduce a position debt by 1 share, making it very cheap to exploit.

Mitigation

PR-14 successfully mitigates the original issue that was present in repay() and liquidate():

• repay() - the check has been modified so that instead of reverting when shares to repay exceed the position debt it reduces them to the amount of the positions debt:

 if (shares > currentShares) {
            shares = currentShares;
            assets = _convertToAssets(shares, newDebtExchangeRateX96, Math.Rounding.Up);
  }

• liquidate() - the following check has been removed:

 if (debtShares != params.debtShares) { revert DebtChanged(); }

Comment

The changes in the PR introduce a new bug due to an incorrect shares conversion in the _deposit() function. I'm submitting it as a separate issue.

Conclusion

Mitigation Confirmed

[c4-judge]

jhsagd76 marked the issue as satisfactory

[c4-judge]

jhsagd76 marked the issue as confirmed for report