cccz - The owner can increase minCollateralRatio through the updateVault function, so that the account is liquidated due to insufficient collateral #125
The owner can increase minCollateralRatio through the updateVault function, so that the account is liquidated due to insufficient collateral
Summary
The owner can increase minCollateralRatio through the updateVault function, so that the account is liquidated due to insufficient collateral.
Vulnerability Detail
The owner can call the VaultAction.updateVault function to update vaultConfig.minCollateralRatio. When vaultConfig.minCollateralRatio increases, the account may be liquidated because the collateral ratio is less than minCollateralRatio.
Impact
the account may be liquidated because the collateral ratio is less than minCollateralRatio.
cccz
medium
The owner can increase minCollateralRatio through the updateVault function, so that the account is liquidated due to insufficient collateral
Summary
The owner can increase minCollateralRatio through the updateVault function, so that the account is liquidated due to insufficient collateral.
Vulnerability Detail
The owner can call the VaultAction.updateVault function to update vaultConfig.minCollateralRatio. When vaultConfig.minCollateralRatio increases, the account may be liquidated because the collateral ratio is less than minCollateralRatio.
Impact
the account may be liquidated because the collateral ratio is less than minCollateralRatio.
Code Snippet
https://github.com/sherlock-audit/2022-09-notional/blob/main/contracts-v2/contracts/external/actions/VaultAction.sol#L27-L36 https://github.com/sherlock-audit/2022-09-notional/blob/main/contracts-v2/contracts/internal/vaults/VaultConfiguration.sol#L163-L186 https://github.com/sherlock-audit/2022-09-notional/blob/main/contracts-v2/contracts/external/actions/VaultAccountAction.sol#L261-L280
Tool used
Manual Review
Recommendation
Consider using the timelock contract to call the VaultAction.updateVault function