code-423n4 / 2024-04-revert-mitigation-findings


M-09 MitigationConfirmed #86

Open c4-bot-7 opened 2 months ago

c4-bot-7 commented 2 months ago

Lines of code

Vulnerability details

C4 issue

M-09: Liquidation reward sent to msg.sender instead of recipient

Comments

The liquidate function allows liquidators to pass in a LiquidateParams.recipient. This value designates the recipient of the liquidation reward. Unfortunately, the liquidate function doesn't utilize this value. Instead, the protocol sets the msg.sender as the liquidation recipient. This can be seen when _sendPositionValue is called:

_sendPositionValue(params.tokenId, state.liquidationValue, state.fullValue, state.feeValue, msg.sender);

Mitigation

PR #20

Instead of passing msg.sender into _sendPositionValue, the code now passes in params.recipient. This change now sends the liquidation reward to the correct address, aka params.recipient.

Conclusion

LGTM

c4-judge commented 2 months ago

jhsagd76 marked the issue as satisfactory