search

sherlock-audit / 2023-12-flatmoney-judging

11 stars 9 forks source link

the-first-elder - liquidation function cannot be closed if protocol is paused #69

Closed sherlock-admin closed 8 months ago

sherlock-admin commented 8 months ago

the-first-elder

high

liquidation function cannot be closed if protocol is paused

Summary

When the protocol is paused, liquidation function is set to revert when called . This causes closing and liquidating of loans to be impossible before order.executableAtTime is reached, leading to two issues. The first is that users with existing loans are unable to close their loans to recover their collateral. The second is that the protocol could end up being stuck with a lot of bad debt.

Vulnerability Detail

This Function can only be called when the protocol is not not paused.

 function liquidate(uint256 tokenId) public nonReentrant whenNotPaused liquidationInvariantChecks(vault, tokenId) {}

Impact

Outstanding loans cannot be closed or liquidated, freezing user funds and causing the protocol to take on bad debt

Similar review can be found here

Code Snippet

https://github.com/sherlock-audit/2023-12-flatmoney/blob/main/flatcoin-v1/src/LiquidationModule.sol#L85

Tool used

Manual Review

Recommendation

Allow Liquidate function to be called when protocol is Paused.

Duplicate of #206

sherlock-admin commented 8 months ago

1 comment(s) were left on this issue during the judging contest.

takarez commented:

invalid