code-423n4 / 2024-04-revert-mitigation-findings


M-22 MitigationConfirmed #97

Open c4-bot-10 opened 5 months ago

c4-bot-10 commented 5 months ago

Lines of code

Vulnerability details

C4 issue

M-22: dailyDebtIncreaseLimitLeft is not updated in liquidate()

Comments

V3Vault provides a daily limit check for debt operations. This daily limit limits how much debt is utilized in debt operations. The expected specs for using this limit check are as follows:

  1. Reset the daily debt limit if necessary.
  2. Increase/decrease the daily debt limit.

Unfortunately, the liquidate function does not implement this daily debt limit feature. Because of this, when a user liquidates a loan position, the debt daily limit will not be updated.

Mitigation

PR #11

This fix provides the necessary updates to the liquidate function:

  1. At the beginning of the operation, the debt daily limit is reset if necessary.
  2. The daily debt limit is increased by the loan debt denominated in asset amount.

With these two fixes in place, the liquidate() function now increases the daily debt limit.

Conclusion

LGTM
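The accounting described in this review, as an added Python model that is not part of the original comment and is not V3Vault code. The `VaultModel` class, the once-per-day reset to a fixed `daily_cap`, and the rule that borrowing consumes the limit are assumptions made for illustration; only the two steps in `liquidate()` come from the mitigation description above.

```python
from dataclasses import dataclass

DAY = 86_400  # seconds per day

@dataclass
class VaultModel:
    """Toy model of the daily limit accounting; not V3Vault code."""
    daily_cap: int            # assumed value the limit is reset to each day
    fixed: bool               # True: liquidate() applies the two mitigation steps
    limit_left: int = 0       # stands in for dailyDebtIncreaseLimitLeft
    last_reset_day: int = -1

    def _reset_if_needed(self, now: int) -> None:
        day = now // DAY
        if day > self.last_reset_day:      # assumed reset rule: once per day
            self.limit_left = self.daily_cap
            self.last_reset_day = day

    def borrow(self, now: int, amount: int) -> None:
        self._reset_if_needed(now)
        if amount > self.limit_left:
            raise ValueError("daily debt increase limit exceeded")
        self.limit_left -= amount          # assumed: new debt consumes the limit

    def liquidate(self, now: int, debt: int) -> None:
        if self.fixed:
            self._reset_if_needed(now)     # step 1: reset first
            self.limit_left += debt        # step 2: credit the removed debt
        # unfixed path: limit is left untouched, as in the M-22 finding

def same_day(fixed: bool) -> str:
    """Cap used up, 400 liquidated, then a 400 borrow on the same day."""
    v = VaultModel(daily_cap=1_000, fixed=fixed)
    v.borrow(now=10, amount=1_000)
    v.liquidate(now=20, debt=400)
    try:
        v.borrow(now=30, amount=400)
        return "borrowed"
    except ValueError:
        return "rejected"

def first_op_of_day(fixed: bool) -> int:
    """Liquidation is the first operation of day 1; return the limit after it."""
    v = VaultModel(daily_cap=1_000, fixed=fixed)
    v.borrow(now=10, amount=1_000)
    v.liquidate(now=DAY + 5, debt=400)
    return v.limit_left
```

In this model the second scenario shows why the reset comes before the increase: crediting the limit before a pending daily reset would let the next reset overwrite the credit.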

c4-judge commented 5 months ago

jhsagd76 marked the issue as satisfactory

c4-judge commented 5 months ago

jhsagd76 marked the issue as confirmed for report