sherlock-audit / 2023-12-flatmoney-judging


kgothatso - an attacker can liquidate any position #254

Closed sherlock-admin2 closed 5 months ago

sherlock-admin2 commented 5 months ago

kgothatso

high

an attacker can liquidate any position

Summary

an attacker can liquidate any position

Vulnerability Detail

unexpected liquidation can cause users to lose rETH

Impact

loss of funds. lose collateral and fees.

Code Snippet

https://github.com/sherlock-audit/2023-12-flatmoney/blob/main/flatcoin-v1/src/LiquidationModule.sol#L75

Tool used

Manual Review

Recommendation

liquidation should be done by vault owners only and users who hold a position. add a function modifier to check for collateral owners can self liquidate or vault.

sherlock-admin commented 5 months ago

1 comment(s) were left on this issue during the judging contest.

takarez commented:

invalid

nevillehuang commented 4 months ago

Invalid, same reasoning as #116