search

code-423n4 / 2024-05-gondi-mitigation-findings

0 stars 0 forks source link

M-11 MitigationConfirmed #106

Open c4-bot-1 opened 3 months ago

c4-bot-1 commented 3 months ago

Lines of code

Vulnerability details

C4 Issue

M-11: AuctionLoanLiquidator#placeBid can be DoS

Comments

Original vulnerabilities/impacts: The vulnerability is that there is no minimal bid amount when placing a Bid, which allows an attacker to place a bid a dust amount, and potentially front-run other bidders with minimally improved prices to get the collateral NFT at a dust value.

Mitigation

Fix: https://github.com/pixeldaogg/florida-contracts/pull/377/files

//src/lib/AuctionLoanLiquidator.sol
    function liquidateLoan(
        uint256 _loanId,
        address _nftAddress,
        uint256 _tokenId,
        address _asset,
        uint96 _duration,
|>      uint256 _minBid,
        address _originator
    ) external override nonReentrant returns (bytes memory) {
...
        Auction memory auction = Auction(
            msg.sender,
            _loanId,
            0,
            _triggerFee,
            _minBid,
            address(0),
            _duration,
            _asset,
...
    function _placeBidChecks(address _nftAddress, uint256 _tokenId, Auction memory _auction, uint256 _bid)
        internal
        view
        virtual
    {
...
|>      if ((_bid < _auction.minBid) || (_auction.highestBid.mulDivDown(_BPS + MIN_INCREMENT_BPS, _BPS) >= _bid)) {
            revert MinBidError(_bid);
        }
...

The mitigation is to set a minimal bid value(minBid) for each auction and only allow an auction to be created with at least the minimal value as a first bid.

This is implemented in several steps: (1) In AuctionLoanLiquidator::liquidateLoan, adding _minBid field into struct Auction (updating the corresponding Auction TypeHash, and hashing function in Hash.sol); (2) In AuctionLoanLiquidator::_placeBidChecks, adding a check on _bid value in _placeBidChecks is at least minimum bid required in struct Auction; (3) In LiquidationHandler.sol, add MIN_BID_LIQUIDATION percentage to calculate the minimum bid value based on principal amount in LiquidationHandler::_liquidateLoan()

The above mitigation resolves the issue and ensures a minimal bid amount calculated based on MIN_BID_LIQUIDATION will be set for each auction.

However, it should be noted that In LiquidationHandler.sol, an event MinBidLiquidationUpdated(uint256 newMinBid) is declared but never used. If the intention is to allow the owner to change MIN_BID_LIQUIDATION , then consider changing MIN_BID_LIQUIDATION to be mutable and add onlyOwner function to change this value.

//src/lib/LiquidationHandler.sol
...
    uint256 public constant MIN_BID_LIQUIDATION = 50;
...
    event MinBidLiquidationUpdated(uint256 newMinBid);

Test

The revised test is passing.

Conclusion

LGTM

c4-judge commented 3 months ago

alex-ppg marked the issue as satisfactory

c4-judge commented 3 months ago

alex-ppg marked the issue as confirmed for report