Closed c4-bot-10 closed 2 weeks ago
After performing liquidation, since liquidator's buying power may decrease
It is now impossible for the liquidator's buying power to decrease as a direct result of the liquidation bonus because negative bonus amounts are settled directly in the underlying token. It may decrease as a second-order effect due to protocol loss, but not more than if the liquidation had been performed from another account.
This check could probably be removed entirely -- it doesn't prevent any specific attacks and is just there because of historical bias.
Picodes marked the issue as unsatisfactory: Invalid
Lines of code
https://github.com/code-423n4/2024-09-panoptic/blob/main/contracts/PanopticPool.sol#L1061
Vulnerability details
Impact
Liquidator solvency status may fall below
BP_DECREASE_BUFFER
due to decrease of buying power while performing liquidation.Bug Description
After performing liquidation, since liquidator's buying power may decrease, the solvency status should be checked against
BP_DECREASE_BUFFER
rather thanNO_BUFFER
.This issue was introduced in the latest diff.
Proof of Concept
N/A
Tools Used
Manual Review
Recommended Mitigation Steps
Use
BP_DECREASE_BUFFER
instead ofNO_BUFFER
.Assessed type
Invalid Validation