sherlock-admin
commented
8 months ago 1 comment(s) were left on this issue during the judging contest.
takarez commented:
invalid
Closed sherlock-admin2 closed 8 months ago
sherlock-admin
commented
8 months ago 1 comment(s) were left on this issue during the judging contest.
takarez commented:
invalid
nevillehuang
commented
8 months ago Invalid, admin only function, they are trusted to set appropriate parameters, this is purely a sanity check
0xrobsol
medium
Critical Validation for Liquidation Fee Bounds Setting
Summary
The setLiquidationFeeBounds function is designed to update the lower and upper bounds for liquidation fees. However, there's an oversight in not checking whether the new lower and upper bounds are set to the same value, which could limit the protocol's flexibility in liquidation fee adjustments and potentially lead to operational inefficiencies.
Vulnerability Detail
The function correctly checks for zero values and ensures that the upper bound is greater than the lower bound to prevent setting illogical fee ranges. However, allowing the upper and lower bounds to be equal could effectively remove the intended range flexibility for liquidation fees, forcing a single fixed fee rate. This could be problematic under varying market conditions where more dynamic fee adjustments are necessary.
Impact
By not preventing the upper and lower liquidation fee bounds from being equal, the protocol could be restricted in its ability to respond to changes in market dynamics effectively. This could lead to either too high or too low liquidation fees in certain situations.
Code Snippet
https://github.com/sherlock-audit/2023-12-flatmoney/blob/main/flatcoin-v1/src/LiquidationModule.sol#L314
Tool used
Manual Review
Recommendation
To enhance the function's robustness and the protocol's adaptability to market conditions, it is recommended to introduce a check ensuring that _newLiquidationFeeLowerBound is strictly less than _newLiquidationFeeUpperBound, not merely less than or equal to. This can be implemented as follows: