sherlock-audit / 2023-10-aloe-judging


rvierdiiev - Liquidator receives all eth balance of borrower instead of ante #67

Closed sherlock-admin2 closed 1 year ago

sherlock-admin2 commented 1 year ago

rvierdiiev

medium

Liquidator receives all eth balance of borrower instead of ante

Summary

Liquidator receives all eth balance of borrower instead of ante

Vulnerability Detail

When liquidation occurs, the liquidator in the end receives eth from the borrower's balance. The amount depends on the strain param and on the borrower's balance.

There is a requirement for the borrower. If he wants to do any operation using the modify function, then after that operation he should have at least ante on his eth balance. This ante is something like a deposit that the user should hold to be able to act. And as you have already seen, it's used to pay the liquidator.

The problem is that the borrower can have much more than ante on his balance, as he can operate with eth. In that case the liquidator will be able to grab that whole amount.

Impact

Borrower can lose all eth balance.

Code Snippet

Provided above

Tool used

Manual Review

Recommendation

I believe that such payment should be fair for liquidators:

(uint208 ante, , , ) = FACTORY.getParameters(UNISWAP_POOL);
payable(callee).transfer(ante / strain);

sherlock-admin2 commented 1 year ago

3 comment(s) were left on this issue during the judging contest.

panprog commented:

low, because all account ETH balance is expected to be for liquidator payment only

tsvetanovv commented:

He has to deposit ETH because of ante. If he deposits more I think it is his mistake

MohammedRizwan commented:

valid