Closed sherlock-admin closed 1 year ago
I don't think we can consider this a unique issue as the dynamic described here has been referenced and is involved in other issues that you have submitted.
Additionally, I'm disputing this issue because once the other issues have been fixed it should not be possible for an account to have a cash balance which upon maturity would lead it to holding a debt which is below the minimum amount. This is currently only possible due to issues with the deleverageAccount function that you have raised. Once these issues are fixed, it should not be possible to use liquidation to put an account into this position.
The only exception here would be if a vault had "fCash discounting" turned on such that you liquidate a currency on that account up to the max, but at maturity the debt is greater than the cash balance. In this case you would have a very small debt left on the account which would not be profitable to liquidate. It would also be basically negligible though. So unless you could figure out how to use the fact that you have a currency that has a very small debt to exploit Notional for a larger amount, I think it's ok.
xiaoming90
high
Settlement process brings debt below
minBorrowSize
Summary
The settlement process can leave some accounts below the minimum debt. Thus, leaving accounts with small debt that are not profitable to unwind if it needs to liquidate.
Vulnerability Detail
https://github.com/sherlock-audit/2023-03-notional/blob/main/contracts-v2/contracts/internal/vaults/VaultAccount.sol#L457
During vault account settlement, the temporary cash will be automatically used to offset the primary and/or secondary debt, which might push the debt below the minimum borrow size.
Assume that the vault account debt is
-100
, theminBorrowSize
is50
, and thetempCashBalance
is70
. During the settlement, the debt will be offset by thetempCashBalance
. As such, after the settlement, the account debt will be30
, which is below theminBorrowSize
.Impact
The settlement process can leave some accounts below the minimum debt. Accounts smaller than the minimum debt are not profitable to unwind if it needs to liquidate (Reference)
As a result, liquidators are not incentivized to liquidate those undercollateralized positions. This might leave the protocol with bad debts, potentially leading to insolvency if the bad debts accumulate.
Code Snippet
https://github.com/sherlock-audit/2023-03-notional/blob/main/contracts-v2/contracts/internal/vaults/VaultAccount.sol#L457
Tool used
Manual Review
Recommendation
Considering repaying or offsetting the debt up to the
minBorrowSize
.