Closed sherlock-admin2 closed 1 year ago
2 comment(s) were left on this issue during the judging contest.
0xyPhilic commented:
invalid because the malicious user has no incentive to borrow and self-liquidate after that as he'll pay fees on those operations
Kral01 commented:
Needs PoC
0xMosh
high
Malicious borrower can self liquidate and eventually steal funds.
Summary
Malicious borrower can self liquidate and eventually steal funds. The liquidate function allows anyone to liquidate a bad debt. A malicious borrower can use this as an attack to borrow first and then liquidate to get the collateral back, eventually leaving the protocol with a loss of funds.
Vulnerability Detail
See summary.
Impact
Loss of funds
Code Snippet
Affected code here: https://github.com/sherlock-audit/2023-07-blueberry/blob/main/blueberry-core/contracts/BlueBerryBank.sol#L544
The liquidation function looks like this:
Tool used
Manual Review
Recommendation
Check and revert if the liquidator is the borrower.