Closed sherlock-admin2 closed 10 months ago
1 comment(s) were left on this issue during the judging contest.
auditsea commented:
The issue describes about the protocol insolvancy in case of collateral depeg. It's not avoidable, that's why the protocol has borrowing function to get yield, take fees on mint and redeem, these features will hedge the risk from protocol insolvancy
1 comment(s) were left on this issue during the judging contest.
auditsea commented:
The issue describes about the protocol insolvancy in case of collateral depeg. It's not avoidable, that's why the protocol has borrowing function to get yield, take fees on mint and redeem, these features will hedge the risk from protocol insolvancy
fugazzi
high
Fragile collateralization model will likely cause bad debt
Summary
Users are allowed to fully mint on their collateral value, potentially causing bad debt as soon as the collateral price drops.
Vulnerability Detail
The Ubiquity Pool allows users to mint Dollar tokens (uAD) by depositing collateral. The amount of uAD tokens a user is allowed to mint is given by the
getDollarInCollateral()
function:This function takes the requested uAD amount (
dollarAmount
) and divides it by the current collateral price (poolStorage.collateralPrices[collateralIndex]
), returned by Chainlink. This basically means that users are allowed to fully mint on their collateral value, the effective LTV on all collaterals is 100%.This creates an extremely fragile ecosystem: whenever the price of an asset drops this will instantly mean bad debt for the protocol. Even if the collateral tokens are going to be non-volatile assets such as stablecoins DAI or LUSD, there is no guarantee that these are going to be always pegged to 1 USD. For example, there are times in which DAI dropped significantly from the $1 peg.
Impact
The collateralization model will fail as soon as any supported collateral drops in value, creating bad debt in the pool.
Code Snippet
https://github.com/sherlock-audit/2023-12-ubiquity/blob/main/ubiquity-dollar/packages/contracts/src/dollar/libraries/LibUbiquityPool.sol#L284-L294
Tool used
Manual Review
Recommendation
Introduce LTV configurations on collaterals to allow minting up to a certain value of the deposited collateral. Allow and incentivize liquidations to avoid bad debt in the protocol.
Duplicate of #17