Closed sherlock-admin2 closed 5 months ago
kgothatso
high
an attacker can liquidate any position
unexpected liquidation can cause users to loss rETH
loss of funds . lose collateral and fees.
https://github.com/sherlock-audit/2023-12-flatmoney/blob/main/flatcoin-v1/src/LiquidationModule.sol#L75
Manual Review
liquidation should be done by vault owners only and users who hold a position. add a function modifier to check for collateral owners can self liquidate or vault.
1 comment(s) were left on this issue during the judging contest.
takarez commented:
invalid
Invalid, same reasonings as #116
kgothatso
high
an attacker can liquidate any position
Summary
an attacker can liquidate any position
Vulnerability Detail
unexpected liquidation can cause users to loss rETH
Impact
loss of funds . lose collateral and fees.
Code Snippet
https://github.com/sherlock-audit/2023-12-flatmoney/blob/main/flatcoin-v1/src/LiquidationModule.sol#L75
Tool used
Manual Review
Recommendation
liquidation should be done by vault owners only and users who hold a position. add a function modifier to check for collateral owners can self liquidate or vault.