Open c4-bot-6 opened 1 month ago
ERC20 Revert on zero value transfers in scope according to README.
MarioPoneder marked the issue as primary issue
MarioPoneder marked the issue as satisfactory
MarioPoneder marked the issue as selected for report
Lines of code
https://github.com/code-423n4/2024-07-benddao/blob/main/src/libraries/logic/IsolateLogic.sol#L346-L354
Vulnerability details
Description
One of the features of this protocol is that the borrower can redeem his loan (under Isolate Lending) after his loan goes into the auction state (before the end of the auction) by simply invoking IsolateLiquidation.sol#isolateRedeem(). However, in order to keep the liquidators incentivized to launch the auction for any bad debt, the borrower could get forced to pay them some fee (called bidFine).

The bidFine is defined by two factors, bidFineFactor and minBidFineFactor; both of them are updatable from Configurator.sol#setAssetAuctionParams(). So, in case the admin sets them to zero:

When the borrower tries to redeem his loan, this logic from IsolateLogic.sol#executeIsolateRedeem() will set the value of vars.bidFines[vars.nidx] to zero.

After that, the flow will enter this IF block to transfer the bidFine to the liquidator who launched the auction. But in case params.asset is one of the Revert-on-Zero-Value-Transfers tokens (which are in scope), the transaction will revert because it is trying to transfer zero value (vars.bidFines[vars.nidx] == 0).
Impact
The borrower will never be able to redeem his loan after his loan goes into auction state.
Proof of Concept
Tools Used
Recommended Mitigation Steps
Assessed type
ERC20
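
The failure mode described in this report, as an added example that is not part of the original submission and is not BendDAO code: a token that rejects zero-value transfers, a fine payout that calls it unconditionally, and the same payout with a zero-amount guard. The contract and function names are hypothetical, and the fine formula (the larger of two basis-point percentages of the debt) is an assumption made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added illustration only. All names are hypothetical, not the protocol's code.

/// Minimal token that rejects zero-value transfers, as some ERC20s do.
contract RevertOnZeroToken {
    mapping(address => uint256) public balanceOf;

    constructor() { balanceOf[msg.sender] = 1_000_000 ether; }

    function transfer(address to, uint256 amount) external returns (bool) {
        require(amount != 0, "zero-value transfer");
        balanceOf[msg.sender] -= amount; // reverts on underflow in 0.8+
        balanceOf[to] += amount;
        return true;
    }
}

contract RedeemSketch {
    RevertOnZeroToken public immutable asset;
    uint256 public constant BPS = 10_000;

    constructor(RevertOnZeroToken asset_) { asset = asset_; }

    // Assumed formula: the fine is the larger of two percentages of the debt.
    // With both factors set to zero the result is always zero.
    function bidFine(uint256 debt, uint16 bidFineFactor, uint16 minBidFineFactor)
        public pure returns (uint256)
    {
        uint256 a = (debt * bidFineFactor) / BPS;
        uint256 b = (debt * minBidFineFactor) / BPS;
        return a > b ? a : b;
    }

    // Unguarded: reverts whenever fine == 0 and the token rejects zero transfers,
    // so the whole redeem path becomes unusable for that asset.
    function payFineUnguarded(address firstBidder, uint256 fine) external {
        require(asset.transfer(firstBidder, fine), "transfer failed");
    }

    // Guarded: skip the token call entirely when there is nothing to pay.
    function payFineGuarded(address firstBidder, uint256 fine) external {
        if (fine > 0) {
            require(asset.transfer(firstBidder, fine), "transfer failed");
        }
    }
}
```

With both factors at zero, `bidFine` returns 0; `payFineUnguarded` then reverts with "zero-value transfer" while `payFineGuarded` completes without touching the token.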