According to the README.md, amongst the ERC20 tokens used by the protocol are USDC and USDT.
In the LiquidationLogic library, the liquidate function attempts to transfer the remaining margin to the vault recipient using the safeTransfer method.
If the recipient is blacklisted, as can happen with USDC and USDT, this transfer will fail, potentially halting the liquidation process.
Proof of Concept
The liquidation process relies on the safeTransfer function to transfer funds to the vault recipient.
    if (vault.recipient != address(0)) {
        // Send the remaining margin to the recipient.
        vault.margin = 0;
        sentMarginAmount = uint256(remainingMargin);
        ERC20(pairStatus.quotePool.token).safeTransfer(vault.recipient, sentMarginAmount);
    }
The safeTransfer method will revert the transaction if the recipient is blacklisted, causing the entire liquidation process to fail.
The disruption of the liquidation process will potentially leave the vault in an under-collateralized state and expose the protocol to financial risk.
Tools Used
Manual review
Recommended Mitigation Steps
The contract should implement a check to verify whether the recipient address is blacklisted before attempting the safeTransfer.
If the recipient is blacklisted, the contract could redirect the funds to a predefined backup address.
This ensures that the liquidation process can proceed smoothly despite the blacklisted status of the vault.recipient.
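The following is an added example, not code from the Predy protocol, showing one way to implement the mitigation above: instead of querying a token-specific blacklist function, the payout attempts the transfer without reverting and escrows the amount for later withdrawal (a pull pattern) when the token rejects it. The contract name, the pendingPayout mapping and the claim function are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration (hypothetical names, not Predy's code): a payout helper that
/// tries the ERC20 transfer and, when the token rejects it (e.g. a USDC/USDT
/// blacklisted recipient), escrows the amount instead of reverting the liquidation.
contract MarginPayout {
    /// token => recipient => amount owed because a direct transfer was rejected.
    mapping(address => mapping(address => uint256)) public pendingPayout;

    event PayoutEscrowed(address indexed token, address indexed recipient, uint256 amount);

    /// Calls `transfer(to, amount)` via a low-level call so a revert inside the token
    /// (blacklist, pause) does not bubble up. Accepts tokens that return no bool
    /// (USDT) as well as tokens that return false instead of reverting.
    function _tryTransfer(address token, address to, uint256 amount) internal returns (bool) {
        if (token.code.length == 0) return false; // a non-contract "token" would spuriously succeed
        (bool ok, bytes memory ret) =
            token.call(abi.encodeWithSignature("transfer(address,uint256)", to, amount));
        return ok && (ret.length == 0 || abi.decode(ret, (bool)));
    }

    /// Pays out the remaining margin. Never reverts because of the recipient's
    /// status, so the liquidation that calls it can always complete.
    function _payRemainingMargin(address token, address recipient, uint256 amount) internal {
        if (amount == 0) return;
        if (!_tryTransfer(token, recipient, amount)) {
            pendingPayout[token][recipient] += amount;
            emit PayoutEscrowed(token, recipient, amount);
        }
    }

    /// Pull pattern: the recipient later claims escrowed funds to an address of
    /// their choosing. State is cleared before the external call (checks-effects-interactions).
    function claim(address token, address to) external {
        uint256 amount = pendingPayout[token][msg.sender];
        require(amount > 0, "nothing to claim");
        pendingPayout[token][msg.sender] = 0;
        require(_tryTransfer(token, to, amount), "transfer failed");
    }
}
```

The escrow route is used here instead of a fixed backup address so that funds stay attributable to the original recipient; a backup address can be substituted in `_payRemainingMargin` if the protocol prefers that design.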
Lines of code
https://github.com/code-423n4/2024-05-predy/blob/a9246db5f874a91fb71c296aac6a66902289306a/src/libraries/logic/LiquidationLogic.sol#L93-L100
Assessed type
Other