Closed sherlock-admin2 closed 5 months ago
1 comment(s) were left on this issue during the judging contest.
takarez commented:
valid: the position cannot be liquidated high(8)
The protocol team fixed this issue in PR/commit https://github.com/dhedge/flatcoin-v1/pull/266.
santipu_
high
Inability to Liquidate Certain Positions Due to Erroneous Stable Collateral Update
Summary
The protocol encounters an issue where it inaccurately calculates the Profit and Loss (PnL) during liquidation, leading to an incorrect update of the stable collateral. This miscalculation prevents the liquidation of specific positions due to the failure of invariant checks that are conducted at the liquidation's conclusion.
Vulnerability Detail
The process of liquidation is designed to redistribute the remaining margin of a liquidated position (if any) to the Liquidity Providers (LPs) by augmenting their stable collateral. However, a flaw exists within the
liquidate()
function where it inaccurately accounts for the PnL of the position being liquidated. This error disrupts the liquidation process, as it fails the invariant checks that are essential for completing the liquidation.The issue lies in how the
liquidate()
function processes the remaining and settled margins:This flawed approach fails to recognize that the PnL has already been considered during the
updateGlobalPositionData()
function call, leading to an incorrect stable collateral update by subtracting the PnL from the remaining margin, effectively nullifying the PnL's impact.A practical scenario illustrating this flaw:
updateGlobalPositionData()
function, apply losses to Bob's position, impacting the stable collateral.Impact
This flaw will prevent the protocol from liquidating positions when necessary due to incorrect stable collateral updates.
Proof of Concept
The vulnerability can be demonstrated through the following test script added to
Liquidate.t.sol,
executable via the command:forge test --match-test test_dos_liquidation
.Code Snippet
https://github.com/sherlock-audit/2023-12-flatmoney/blob/main/flatcoin-v1/src/LiquidationModule.sol#L133 https://github.com/sherlock-audit/2023-12-flatmoney/blob/main/flatcoin-v1/src/LiquidationModule.sol#L142
Tool used
Manual Review
Recommendation
To resolve this issue, it is imperative to revise the
liquidate()
function, ensuring it accurately updates the stable collateral without negating the PnL's effect, thereby restoring the liquidation process's integrity.Duplicate of #180