sherlock-audit / 2022-10-astaria-judging

__141345__ - Multiple lien positions liquidations could cause fund loss #261

Closed sherlock-admin closed 2 years ago

sherlock-admin commented 2 years ago

141345

medium

Multiple lien positions liquidations could cause fund loss

Summary

1 collateral NFT can have multiple loan positions. When liquidated, these positions will be bundled together and could incur loss to the LP if the liquidation auction does not go well.

Vulnerability Detail

Consider the following case: A collateral is taking 2 different loans, 1 for a private vault with a duration of 15 days for $100, 1 for a public vault with a duration of 30 days for $1,000.

If after 15 days, the loan is not paid back, it will be liquidated. According to the current rule, the other unexpired loan will also get involved, since the underlying collateral is the same.

But the auction goes without a bidder or with a very low bid; at the end, no funds or a low amount of funds will be collected for the defaulted loan. The lenders for the other positions will incur a loss.

Impact

Some lenders could have a loss of funds due to another position separate from the loan they have.

Code Snippet

As long as one of the positions is not paid back, all the positions associated with the collateral will be liquidated.

https://github.com/sherlock-audit/2022-10-astaria/blob/main/src/AstariaRouter.sol#L362-L374

Tool used

Manual Review

Recommendation

androolloyd commented 2 years ago

working as intended

141345 commented 1 year ago

Escalate for 3 USDC

In this case, 2 unrelated loans could be linked.

Consider the following case: A collateral is taking 2 different loans, 1 for a private vault with a duration of 15 days for $100, 1 for a public vault with a duration of 30 days for $1,000.

If after 15 days, the loan is not paid back, it will be liquidated. According to the current rule, the other unexpired loan will also get involved, since the underlying collateral is the same.

In this example, the 2nd loan lender gets involved and faces a potential loss due to the 1st loan auction.

I believe this is a business logic issue.

sherlock-admin commented 1 year ago

You've created a valid escalation for 3 USDC!

To remove the escalation from consideration: Delete your comment. To change the amount you've staked on this escalation: Edit your comment (do not create a new comment).

You may delete or edit your escalation comment anytime before the 48-hour escalation window closes. After that, the escalation becomes final.

Evert0x commented 1 year ago

Escalation rejected. We believe this is by design, as androolloyd suggested, as the risk needs to be assessed by the user who provides the loan.

sherlock-admin commented 1 year ago

This issue's escalations have been rejected!

Watsons who escalated this issue will have their escalation amount deducted from their next payout.