During the repay process, the protocol will transfer hold token to creditor. However, if the USDC contract blacklists the creditor, the liquidation transaction will be revert. As a result, the borrower will unable to be repay if they have been blacklisted by the USDC token contract.
Vulnerability Detail
In the function _restoreLiquidity(), the protocol will transfers cache.holdToken to the creditor. If cache.holdToken is USDT or USDC and the creditor has been blacklisted, the transfer will fail, preventing the borrower from repaying.
This will error where transferring USDC tokens to blacklisted users can cause the transaction to be reverted, disrupting the repay flow. The repay process might DoS
Bauer
medium
The borrower may be unable to repay a loan
Summary
During the repay process, the protocol will transfer hold token to creditor. However, if the USDC contract blacklists the creditor, the liquidation transaction will be revert. As a result, the borrower will unable to be repay if they have been blacklisted by the USDC token contract.
Vulnerability Detail
In the function
_restoreLiquidity()
, the protocol will transfers cache.holdToken to the creditor. If cache.holdToken is USDT or USDC and the creditor has been blacklisted, the transfer will fail, preventing the borrower from repaying.Impact
This will error where transferring USDC tokens to blacklisted users can cause the transaction to be reverted, disrupting the repay flow. The repay process might DoS
Code Snippet
https://github.com/sherlock-audit/2023-10-real-wagmi/blob/main/wagmi-leverage/contracts/LiquidityBorrowingManager.sol#L669-L670
Tool used
Manual Review
Recommendation
Check the token balance to be greater than zero before transferring profit to the user
Duplicate of #83