search

code-423n4 / 2024-05-gondi-mitigation-findings

0 stars 0 forks source link

M-18 MitigationConfirmed #113

Open c4-bot-2 opened 3 months ago

c4-bot-2 commented 3 months ago

Lines of code

Vulnerability details

C4 Issue

M-18: distribute() when can't repay all lenders, may lack of notification to LoanManager for accounting

Comments

Original vulnerabilities/impacts: The report raises a vulnerable case during the liquidation auction settlement process. Where there are insufficient proceeds from the auction to pay for all tranche lenders, the lenders who are not paid will not be called to notify loan liquidation settlement. And if the lender is a loanManager/pool, the pool contract will not have a chance to update accounting (e.g. adjusting sumAPR, or settle bad debts).

The core vulnerability is the for-loop of handling proceeds will break as soon as there are no _proceeds left to distribute, which will directly skip calling LoanManager(_tranche.lender).loanLiquidation() in _handleLoanManagerCall().

Mitigation

Fix: https://github.com/pixeldaogg/florida-contracts/pull/391

//src/lib/LiquidationDistributor.sol
    function distribute(uint256 _proceeds, IMultiSourceLoan.Loan calldata _loan) external {
...
        if (_proceeds > totalPrincipalAndPaidInterestOwed + totalPendingInterestOwed) {
...
        } else {
 |>          for (uint256 i = 0; i < _loan.tranche.length;) {
                IMultiSourceLoan.Tranche calldata thisTranche = _loan.tranche[i];
                _proceeds = _handleTrancheInsufficient(
                    _loan.principalAddress, thisTranche, msg.sender, _proceeds, owedPerTranche[i]
...
    function _handleTrancheInsufficient(
        address _tokenAddress,
        IMultiSourceLoan.Tranche calldata _tranche,
        address _liquidator,
        uint256 _proceedsLeft,
        uint256 _trancheOwed
    ) private returns (uint256) {
...
            if (_proceedsLeft != 0) {
                ERC20(_tokenAddress).safeTransferFrom(_liquidator, _tranche.lender, _proceedsLeft);
            }

The mitigation is to let the for-loop finishing run for each tranche iteration, which will call LoanManager(_tranche.lender).loanLiquidation() to notify liquidation settlement. And only check and transfer proceeds when _proceedsLeft !=0.

This mitigation eliminates the vulnerability and resolves the issue.

Conclusion

LGTM

c4-judge commented 3 months ago

alex-ppg marked the issue as satisfactory

c4-judge commented 3 months ago

alex-ppg marked the issue as confirmed for report