search

sherlock-audit / 2023-03-notional-judging

12 stars 6 forks source link

xiaoming90 - Settlement process brings debt below `minBorrowSize` #178

Closed sherlock-admin closed 1 year ago

sherlock-admin commented 1 year ago

xiaoming90

high

Settlement process brings debt below minBorrowSize

Summary

The settlement process can leave some accounts below the minimum debt. Thus, leaving accounts with small debt that are not profitable to unwind if it needs to liquidate.

Vulnerability Detail

https://github.com/sherlock-audit/2023-03-notional/blob/main/contracts-v2/contracts/internal/vaults/VaultAccount.sol#L457

File: VaultAccount.sol
454:         // Calculates the net settled cash if there is any temp cash balance that is net off
455:         // against the settled prime debt.
456:         bool didTransferPrimary;
457:         (accountPrimeStorageValue, didTransferPrimary) = repayAccountPrimeDebtAtSettlement(
458:             vaultConfig.primeRate,
459:             primeVaultState,
460:             vaultConfig.borrowCurrencyId,
461:             vaultConfig.vault,
462:             vaultAccount.account,
463:             vaultAccount.tempCashBalance,
464:             accountPrimeStorageValue
465:         );
466:         // Clear any temp cash balance, it has been applied to the debt
467:         vaultAccount.tempCashBalance = 0;

During vault account settlement, the temporary cash will be automatically used to offset the primary and/or secondary debt, which might push the debt below the minimum borrow size.

Assume that the vault account debt is -100, the minBorrowSize is 50, and the tempCashBalance is 70. During the settlement, the debt will be offset by the tempCashBalance. As such, after the settlement, the account debt will be 30, which is below the minBorrowSize.

Impact

The settlement process can leave some accounts below the minimum debt. Accounts smaller than the minimum debt are not profitable to unwind if it needs to liquidate (Reference)

As a result, liquidators are not incentivized to liquidate those undercollateralized positions. This might leave the protocol with bad debts, potentially leading to insolvency if the bad debts accumulate.

Code Snippet

https://github.com/sherlock-audit/2023-03-notional/blob/main/contracts-v2/contracts/internal/vaults/VaultAccount.sol#L457

Tool used

Manual Review

Recommendation

Considering repaying or offsetting the debt up to the minBorrowSize.

T-Woodward commented 1 year ago

I don't think we can consider this a unique issue as the dynamic described here has been referenced and is involved in other issues that you have submitted.

Additionally, I'm disputing this issue because once the other issues have been fixed it should not be possible for an account to have a cash balance which upon maturity would lead it to holding a debt which is below the minimum amount. This is currently only possible due to issues with the deleverageAccount function that you have raised. Once these issues are fixed, it should not be possible to use liquidation to put an account into this position.

T-Woodward commented 1 year ago

The only exception here would be if a vault had "fCash discounting" turned on such that you liquidate a currency on that account up to the max, but at maturity the debt is greater than the cash balance. In this case you would have a very small debt left on the account which would not be profitable to liquidate. It would also be basically negligible though. So unless you could figure out how to use the fact that you have a currency that has a very small debt to exploit Notional for a larger amount, I think it's ok.