sherlock-admin2
commented
1 year ago 3 comment(s) were left on this issue during the judging contest.
panprog commented:
borderline low/medium, but indeed there is no incentive for anyone to call warn
MohammedRizwan commented:
valid
chrisling commented:
the best incentive in this case is that liquidators can liquidate after they call warn. The recommendation will only introduce a lot more issues (e.g. malicious actors exploiting the incentive by spamming warn)
haydenshively
roguereddwarf
0xReiAyanami
medium
Liquidation process is flawed. missing incentive to call warn
Summary
Aloe´s Liquidation process s flawed in the way, that there is no incentive for Liquidators to call the warn function, which is required before liquidations.
Vulnerability Detail
The Aloe protocol has a Liquidation process, which involves a grace period for the Borrower. This means, there is a
warnfunction, that has to be called, that is setting aunleashLiquidationTime. A Liquidation can only be executed when this time is reached.Problem is, there is no incentive for anyone to call the
warnfunction. Only the actualliquidatefunction is inventiviced by giving a 5% incentive in Tokens, if there is a swap required, and always giving a small amount of ETH (ANTE) to cover the gas cost.A Liquidator that calls the warn function has no guarantee, that he is the one, that actually can call liquidate, when the time has come. Therefore it would be a waste of Gas to call the warn function.
This might result in a situation where nobody is willing to call
warn, and therefore the borrower will not get liquidated at all, which could ultimately lead to a loss of Funds for the Lender, when the Borrower starts to accrue bad Debt.Impact
warn--> Borrower will not get liquidatedCode Snippet
https://github.com/sherlock-audit/2023-10-aloe/blob/main/aloe-ii/core/src/Borrower.sol#L148-L173
Tool used
Manual Review
Recommendation
Incentivice the call of warn, to at least pay a small amount of eth (similiar to the ANTE), to ensure liquidation is going to happen.