Accounts cannot raise their collateral if vault is paused
Summary
When a vault is paused, accounts cannot raise their collateral to avoid liquidation
Vulnerability Detail
VaultAccountAction.enterVault() is not only used by users who wish to borrow, it can also be used to raise their collateral ratio if they are close to liquidation by passing fCashToBorrow == 0. But if a vault is paused, the function will revert because of the check line 54.
Impact
When a vault is paused, a user close to liquidation will not be able to raise their collateral, which means they have no way to avoid liquidation as their loan approaches undercollateralization.
joestakey
medium
Accounts cannot raise their collateral if vault is paused
Summary
When a vault is paused, accounts cannot raise their collateral to avoid liquidation
Vulnerability Detail
VaultAccountAction.enterVault()
is not only used by users who wish to borrow, it can also be used to raise their collateral ratio if they are close to liquidation by passingfCashToBorrow == 0
. But if a vault is paused, the function will revert because of the check line 54.Impact
When a vault is paused, a user close to liquidation will not be able to raise their collateral, which means they have no way to avoid liquidation as their loan approaches undercollateralization.
Code Snippet
https://github.com/notional-finance/contracts-v2/blob/cf05d8e3e4e4feb0b0cef2c3f188c91cdaac38e0/contracts/external/actions/VaultAccountAction.sol#L54
Tool used
Manual Review
Recommendation
VaultAccountAction.enterVault
should check the vault enabled/disabled status only iffCash > 0
- ie in the case the account is borrowing.