Closed sherlock-admin closed 1 year ago
Max borrow capacities can increase and they will not dilute vault shares. I consider this issue to be invalid.
Agreed. Even though this specific function isn't meant to be used to increase vault capacity, it doesn't matter that it can be because the same owner has a different function available to them that is meant to be used to do that.
joestakey
medium
Notional Governors can use reduceMaxBorrowCapacity on a vault to increase maxBorrowCapacity, which can grief users of the vault.

Summary
Notional Governors can increase the risk of a vault at any time by using reduceMaxBorrowCapacity to increase maxBorrowCapacity, which can lead to insolvency of users.

Vulnerability Detail
VaultAction.reduceMaxBorrowCapacity() is meant to

The function calls VaultConfiguration.setMaxBorrowCapacity, which sets the new maxBorrowCapacity without any check on the new value being written.

This means it is technically possible for Notional governors to actually increase the maxBorrowCapacity.

Impact
As detailed in the function comment

Other maturities for that vault may still be entered depending on whether or not the vault is above or below the max vault borrow capacity.

This would effectively increase the risk on users having entered the vaults on these other maturities:

The higher borrowing capacity means new accounts can keep borrowing, increasing here totalVaultShares.

VaultState.getCashValueOfShare() returns assetCashValue which will be lower due to getPoolShare return values being lower as vaultState.totalVaultShares is higher

VaultConfiguration.calculateCollateralRatio(), vaultShareValue is lower, which also results in netAssetValue being lower. If too low:> 0, the return value collateralRatio will trigger this check to pass, meaning that the account can be liquidated.

Code Snippet
https://github.com/notional-finance/contracts-v2/blob/cf05d8e3e4e4feb0b0cef2c3f188c91cdaac38e0/contracts/external/actions/VaultAction.sol#L103

Tool used
Manual Review

Recommendation
VaultConfiguration.setMaxBorrowCapacity should check the new maxBorrowCapacity to ensure it is not greater than the current one.
https://github.com/notional-finance/contracts-v2/blob/cf05d8e3e4e4feb0b0cef2c3f188c91cdaac38e0/contracts/internal/vaults/VaultConfiguration.sol#L224
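
Added example, not part of the report and not Notional's code: a simplified, hypothetical contract showing the reduce-only check the recommendation describes, placed on the reduce entry point. The contract name, storage layout, function signatures, error and event are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Hypothetical, simplified capacity store (not the Notional implementation).
contract ReduceOnlyCapacityExample {
    address public immutable owner;

    // Maximum borrow capacity per vault address (assumed layout).
    mapping(address => uint256) public maxBorrowCapacity;

    error NotOwner();
    error CapacityNotReduced(uint256 current, uint256 requested);

    // Emitting both values lets monitoring confirm every call lowered the cap.
    event MaxBorrowCapacityReduced(address indexed vault, uint256 previous, uint256 updated);

    constructor() {
        owner = msg.sender;
    }

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    // Hypothetical general-purpose setter, standing in for the separate
    // owner function that is meant to set or raise capacity.
    function setCapacity(address vault, uint256 capacity) external onlyOwner {
        maxBorrowCapacity[vault] = capacity;
    }

    // Reduce-only entry point: a value above the stored capacity reverts,
    // so this function cannot be used to raise the limit.
    function reduceMaxBorrowCapacity(address vault, uint256 newCapacity) external onlyOwner {
        uint256 current = maxBorrowCapacity[vault];
        if (newCapacity > current) revert CapacityNotReduced(current, newCapacity);
        maxBorrowCapacity[vault] = newCapacity;
        emit MaxBorrowCapacityReduced(vault, current, newCapacity);
    }
}
```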