Users might not be liquidatable at all, and can instead make their position healthy by depositing more collateral
Proof of Concept
In Predy a user can liquidate their own vault. Whether a vault is eligible for liquidation is determined by checkVaultIsDanger, which ultimately evaluates
    bool isSafe = vaultValue >= minMargin && _vault.margin >= 0;
and the vault can be liquidated when that check reports it as unsafe.
After liquidation, if the vault still holds margin, the remaining margin is transferred back to the recipient by this code:
    if (!hasPosition) {
        int256 remainingMargin = vault.margin;

        if (remainingMargin > 0) {
            if (vault.recipient != address(0)) {
                // Send the remaining margin to the recipient.
                vault.margin = 0;

                sentMarginAmount = uint256(remainingMargin);

                // @audit if the recipient gets blacklisted by the quote token after opening
                // the position, this transfer reverts and the whole liquidation fails
                ERC20(pairStatus.quotePool.token).safeTransfer(vault.recipient, sentMarginAmount);
            }
            ...
        }
    }
The protocol is meant to be compatible with tokens such as USDC/USDT. If the recipient gets blacklisted after depositing into the protocol, or at any point before liquidation, the safeTransfer above reverts and the liquidation fails. Anyone attempting to liquidate that vault, the owner included, will fail.
Tools Used
Manual Review
Recommended Mitigation Steps
Instead of pushing the remaining margin to the recipient during liquidation, credit it to the Predy pool and let the user withdraw it from there (a pull-payment pattern), so a failing token transfer can no longer block the liquidation.
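The following is an added illustration of the issue and the suggested mitigation side by side; it is not Predy's code. It uses a deliberately simplified Vault struct, a mock blacklist-capable token, and hypothetical contract names (PushLiquidation, PullLiquidation, claimable, claim) that are assumptions for the example. The push variant reproduces the failure mode: once the recipient is blacklisted, liquidate() reverts. The pull variant records the remaining margin as a claimable balance inside the pool with no external call, so liquidation always completes and the recipient withdraws later.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Minimal ERC20 surface needed for the example (assumed; not Predy's interfaces).
interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
}

/// Mock of a stablecoin with a blacklist (constructed for the example).
/// Transfers to or from a blacklisted address revert, as they do for USDC/USDT.
contract BlacklistableToken is IERC20 {
    mapping(address => uint256) public balanceOf;
    mapping(address => bool) public blacklisted;

    function mint(address to, uint256 amount) external { balanceOf[to] += amount; }
    function setBlacklisted(address who, bool flag) external { blacklisted[who] = flag; }

    function transfer(address to, uint256 amount) external returns (bool) {
        require(!blacklisted[msg.sender] && !blacklisted[to], "blacklisted");
        balanceOf[msg.sender] -= amount;
        balanceOf[to] += amount;
        return true;
    }
}

/// Simplified vault bookkeeping: `margin` is the quote-token amount attributed to the vault.
struct Vault {
    address recipient;
    int256 margin;
    bool hasPosition;
}

/// Push-style liquidation (the vulnerable shape): remaining margin is sent to the
/// recipient inside the liquidation transaction, so a reverting transfer blocks liquidation.
contract PushLiquidation {
    IERC20 public immutable quote;
    mapping(uint256 => Vault) public vaults;

    constructor(IERC20 _quote) { quote = _quote; }

    function openVault(uint256 id, address recipient, int256 margin) external {
        vaults[id] = Vault(recipient, margin, true);
    }

    function liquidate(uint256 id) external returns (uint256 sentMarginAmount) {
        Vault storage vault = vaults[id];
        // Position close-out and penalty accounting elided; only the margin refund matters here.
        vault.hasPosition = false;
        int256 remainingMargin = vault.margin;
        if (remainingMargin > 0 && vault.recipient != address(0)) {
            vault.margin = 0;
            sentMarginAmount = uint256(remainingMargin);
            // If `vault.recipient` is blacklisted this reverts and the liquidation fails.
            require(quote.transfer(vault.recipient, sentMarginAmount), "transfer failed");
        }
    }
}

/// Pull-style liquidation (the mitigation): remaining margin is credited to a claimable
/// balance held by the pool, so liquidation never depends on the recipient accepting tokens.
contract PullLiquidation {
    IERC20 public immutable quote;
    mapping(uint256 => Vault) public vaults;
    mapping(address => uint256) public claimable;

    constructor(IERC20 _quote) { quote = _quote; }

    function openVault(uint256 id, address recipient, int256 margin) external {
        vaults[id] = Vault(recipient, margin, true);
    }

    function liquidate(uint256 id) external returns (uint256 creditedMarginAmount) {
        Vault storage vault = vaults[id];
        vault.hasPosition = false;
        int256 remainingMargin = vault.margin;
        if (remainingMargin > 0 && vault.recipient != address(0)) {
            vault.margin = 0;
            creditedMarginAmount = uint256(remainingMargin);
            // No external call here: the credit cannot revert, so liquidation always completes.
            claimable[vault.recipient] += creditedMarginAmount;
        }
    }

    /// The recipient withdraws at a time of their choosing. Clearing the balance before the
    /// transfer (checks-effects-interactions) keeps a reverting transfer from locking funds twice.
    function claim() external {
        uint256 amount = claimable[msg.sender];
        require(amount > 0, "nothing to claim");
        claimable[msg.sender] = 0;
        require(quote.transfer(msg.sender, amount), "transfer failed");
    }
}
```

To reproduce the failure in a local test: deploy BlacklistableToken, mint margin to PushLiquidation, open a vault, call setBlacklisted(recipient, true), then call liquidate; it reverts with "blacklisted". The same sequence against PullLiquidation succeeds, and only the recipient's later claim() is affected by their blacklist status.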
Lines of code
https://github.com/code-423n4/2024-05-predy/blob/a9246db5f874a91fb71c296aac6a66902289306a/src/libraries/logic/LiquidationLogic.sol#L99
Assessed type
ERC20