sherlock-audit / 2022-10-astaria-judging


__141345__ - If an auction has no bidder, the NFT ownership should go back to the loan lenders #258

Open sherlock-admin opened 2 years ago

sherlock-admin commented 2 years ago

141345

high

If an auction has no bidder, the NFT ownership should go back to the loan lenders

Summary

The lenders in principle have the claim on the loan collateral, but the current rule lets the liquidation caller get the collateral for free. This effectively takes advantage of the vault LPs, which is not fair.

Vulnerability Detail

After endAuction(), the collateral is released to the initiator. Essentially, the initiator gets the NFT for free, while the lenders of the loan take the loss.

However, the lenders should have the claim on the collateral, since the funds were originally provided by the lenders. If the collateral ends up owned by whoever calls the liquidation function, it is not fair to the lenders, and it will discourage future users from using the protocol.

Impact

Code Snippet

If there is no bidder, the winner is assigned to the auction initiator, and the debts are all written off. https://github.com/sherlock-audit/2022-10-astaria/blob/main/lib/astaria-gpl/src/AuctionHouse.sol#L178-L204

After endAuction(), the collateral is released to the initiator. https://github.com/sherlock-audit/2022-10-astaria/blob/main/src/CollateralToken.sol#L341-L346

Tool used

Manual Review

Recommendation

If there is no bidder for the auction, allow the NFT to get auctioned for another chance.
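As an added illustration (not Astaria's code and not from the report author), the sketch below models the two settlement policies in a hypothetical, simplified auction contract: the pattern the issue describes, where zero bids hand the collateral to the initiator and the debt is written off, beside a hardened variant that re-lists the auction and, after a bounded number of empty rounds, routes the collateral to the lender who funded the loan. All names, fields, the relist cap and the (omitted) initiator fee handling are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Hypothetical, simplified auction settlement model written for this issue.
// It is NOT Astaria's AuctionHouse; names, fields and fee handling are assumptions.
contract NoBidSettlementExample {
    enum Status { None, Live, Settled }

    struct Auction {
        address initiator;     // caller of liquidate()
        address lender;        // lender (vault) holding the claim on the collateral
        uint256 debt;          // outstanding debt the sale is meant to cover
        uint256 endTime;
        address highestBidder;
        uint256 highestBid;
        uint8 relistCount;     // how many times a zero-bid round has been re-listed
        Status status;
    }

    uint256 public constant AUCTION_DURATION = 3 days;   // assumed duration
    uint8 public constant MAX_RELISTS = 2;               // assumed cap on empty rounds

    mapping(uint256 => Auction) public auctions;         // collateralId => auction
    mapping(uint256 => address) public collateralOwner;  // collateralId => current owner

    event Relisted(uint256 indexed collateralId, uint256 newEndTime, uint8 relistCount);
    event Settled(uint256 indexed collateralId, address to, uint256 price);

    function createAuction(uint256 collateralId, address lender, uint256 debt) external {
        Auction storage a = auctions[collateralId];
        require(a.status == Status.None, "exists");
        a.initiator = msg.sender;
        a.lender = lender;
        a.debt = debt;
        a.endTime = block.timestamp + AUCTION_DURATION;
        a.status = Status.Live;
        collateralOwner[collateralId] = address(this); // escrowed while live
    }

    function bid(uint256 collateralId) external payable {
        Auction storage a = auctions[collateralId];
        require(a.status == Status.Live && block.timestamp < a.endTime, "not live");
        require(msg.value > a.highestBid, "low bid");
        address prev = a.highestBidder;
        uint256 prevAmount = a.highestBid;
        a.highestBidder = msg.sender;
        a.highestBid = msg.value;
        if (prev != address(0)) {
            (bool ok, ) = prev.call{value: prevAmount}("");
            require(ok, "refund failed");
        }
    }

    // Pattern described in the issue: with zero bids the initiator is treated as the
    // winner and receives the collateral; the lender recovers nothing.
    function endAuctionWeak(uint256 collateralId) external {
        Auction storage a = auctions[collateralId];
        require(a.status == Status.Live && block.timestamp >= a.endTime, "not ended");
        address winner = a.highestBidder == address(0) ? a.initiator : a.highestBidder;
        a.status = Status.Settled;
        collateralOwner[collateralId] = winner;
        _payLender(a);
        emit Settled(collateralId, winner, a.highestBid);
    }

    // Hardened variant: zero bids re-list the auction (the issue's recommendation);
    // once MAX_RELISTS empty rounds have passed, the collateral goes to the lender.
    function endAuctionHardened(uint256 collateralId) external {
        Auction storage a = auctions[collateralId];
        require(a.status == Status.Live && block.timestamp >= a.endTime, "not ended");
        if (a.highestBidder == address(0)) {
            if (a.relistCount < MAX_RELISTS) {
                a.relistCount += 1;
                a.endTime = block.timestamp + AUCTION_DURATION;
                emit Relisted(collateralId, a.endTime, a.relistCount);
                return; // stays Live; collateral remains escrowed
            }
            a.status = Status.Settled;
            collateralOwner[collateralId] = a.lender; // lender takes the collateral
            emit Settled(collateralId, a.lender, 0);
            return;
        }
        a.status = Status.Settled;
        collateralOwner[collateralId] = a.highestBidder;
        _payLender(a);
        emit Settled(collateralId, a.highestBidder, a.highestBid);
    }

    // Forwards the winning bid to the lender (initiator fee deliberately omitted here).
    function _payLender(Auction storage a) private {
        if (a.highestBid == 0) return;
        (bool ok, ) = a.lender.call{value: a.highestBid}("");
        require(ok, "payout failed");
    }
}
```

The point of the comparison is the zero-bid branch: in the weak variant the only party with a claim on the collateral (the lender) is the only one who cannot end up holding it, and the outcome depends solely on who called the liquidation. The hardened variant keeps the collateral escrowed across re-lists and bounds the number of empty rounds so settlement still terminates.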

androolloyd commented 2 years ago

working as intended

141345 commented 1 year ago

Escalate for 3 USDC

A borrower uses the NFT as collateral, and the lender gets the collateral if the borrower defaults; that's how lending normally works. However, according to the current rule, anyone who starts the liquidation process could potentially get the collateral if nobody bids on the auction. And the liquidation initiator already gets compensated by the initiator fee.

The current rule allows a situation where a third-party user could gain ownership of the NFT by calling liquidate(). But in common practice, it is the lender who should claim ownership of the collateral.

One step further: if by any chance the initiator could start some DoS attack and make the protocol inoperable, this rule may become part of the attack, to get the collateral for free.

Although it is a corner case, I believe this is a business logic issue.

sherlock-admin commented 1 year ago

Escalate for 3 USDC

A borrower uses the NFT as collateral, and the lender gets the collateral if the borrower defaults; that's how lending normally works. However, according to the current rule, anyone who starts the liquidation process could potentially get the collateral if nobody bids on the auction. And the liquidation initiator already gets compensated by the initiator fee.

The current rule allows a situation where a third-party user could gain ownership of the NFT by calling liquidate(). But in common practice, it is the lender who should claim ownership of the collateral.

One step further: if by any chance the initiator could start some DoS attack and make the protocol inoperable, this rule may become part of the attack, to get the collateral for free.

Although it is a corner case, I believe this is a business logic issue.

You've created a valid escalation for 3 USDC!

To remove the escalation from consideration: Delete your comment. To change the amount you've staked on this escalation: Edit your comment (do not create a new comment).

You may delete or edit your escalation comment anytime before the 48-hour escalation window closes. After that, the escalation becomes final.

Evert0x commented 1 year ago

Escalation accepted.

Will be rewarded a medium, as it requires the auction to end with 0 bids.

sherlock-admin commented 1 year ago

Escalation accepted.

Will be rewarded a medium, as it requires the auction to end with 0 bids.

This issue's escalations have been accepted!

Contestants' payouts and scores will be updated according to the changes made on this issue.