search

sherlock-audit / 2023-05-ironbank-judging

2 stars 2 forks source link

josephdara - Liquidation Failure #481

Closed sherlock-admin closed 1 year ago

sherlock-admin commented 1 year ago

josephdara

high

Liquidation Failure

Summary

Throughout the codebase, there are many points at which a user liquidation can potentially fail. This means the bad position can not be curb and it will incur further loss for the protocol.

Vulnerability Detail

Impact

This directly stops liquidation calls for a user, cause a DOS on that account and for the liquidator and also bad debt for the protocol

Code Snippet


function liquidate(
        address liquidator,
        address borrower,
        address marketBorrow,
        address marketCollateral,
        uint256 repayAmount
    ) external nonReentrant isAuthorized(liquidator) {
        DataTypes.Market storage mBorrow = markets[marketBorrow];
        DataTypes.Market storage mCollateral = markets[marketCollateral];
        require(mBorrow.config.isListed, "borrow market not listed");
        require(mCollateral.config.isListed, "collateral market not listed");
        require(isMarketSeizable(mCollateral), "collateral market cannot be seized");
        require(!isCreditAccount(borrower), "cannot liquidate credit account");
        require(liquidator != borrower, "cannot self liquidate");

        _accrueInterest(marketBorrow, mBorrow);
        _accrueInterest(marketCollateral, mCollateral);

        // Check if the borrower is actually liquidatable.
        require(_isLiquidatable(borrower), "borrower not liquidatable");

Tool used

Manual Review

Recommendation

All functions called internally and externally for liquidation to happen should be handled with if statements such that they do not revert.

Duplicate of https://github.com/sherlock-audit/2023-05-ironbank-judging/issues/433