Closed sherlock-admin closed 1 year ago
josephdara
high
Throughout the codebase, there are many points at which a user liquidation can potentially fail. This means the bad position can not be curb and it will incur further loss for the protocol.
This directly stops liquidation calls for a user, cause a DOS on that account and for the liquidator and also bad debt for the protocol
function liquidate( address liquidator, address borrower, address marketBorrow, address marketCollateral, uint256 repayAmount ) external nonReentrant isAuthorized(liquidator) { DataTypes.Market storage mBorrow = markets[marketBorrow]; DataTypes.Market storage mCollateral = markets[marketCollateral]; require(mBorrow.config.isListed, "borrow market not listed"); require(mCollateral.config.isListed, "collateral market not listed"); require(isMarketSeizable(mCollateral), "collateral market cannot be seized"); require(!isCreditAccount(borrower), "cannot liquidate credit account"); require(liquidator != borrower, "cannot self liquidate"); _accrueInterest(marketBorrow, mBorrow); _accrueInterest(marketCollateral, mCollateral); // Check if the borrower is actually liquidatable. require(_isLiquidatable(borrower), "borrower not liquidatable");
Manual Review
All functions called internally and externally for liquidation to happen should be handled with if statements such that they do not revert.
Duplicate of https://github.com/sherlock-audit/2023-05-ironbank-judging/issues/433
josephdara
high
Liquidation Failure
Summary
Throughout the codebase, there are many points at which a user liquidation can potentially fail. This means the bad position can not be curb and it will incur further loss for the protocol.
Vulnerability Detail
Impact
This directly stops liquidation calls for a user, cause a DOS on that account and for the liquidator and also bad debt for the protocol
Code Snippet
Tool used
Manual Review
Recommendation
All functions called internally and externally for liquidation to happen should be handled with if statements such that they do not revert.
Duplicate of https://github.com/sherlock-audit/2023-05-ironbank-judging/issues/433