During the execution of SGL._extractLiquidationFees(), the LiquidationFees are directly stored in the penrose contract. However, the penrose contract does not offer any method to handle these fees already present within it.
Vulnerability Detail
When SGL undergoes liquidation, the _extractLiquidationFees() function stores the LiquidationFees in the penrose contract.
The code implementation is as follows:
_liquidateUser()->_extractLiquidationFees()
However, the penrose contract lacks any method to process these fees that are already within it.
Even the penrose.withdrawAllMarketFees() function cannot handle these fees already residing in the penrose contract. Consequently, this portion of fees remains locked within the penrose contract.
Impact
The SGL Liquidation Fees will remain locked in the penrose contract.
bin2chen
high
SGL Liquidation Fees be Locked in Penrose
Summary
During the execution of
SGL._extractLiquidationFees()
, theLiquidationFees
are directly stored in thepenrose
contract. However, thepenrose
contract does not offer any method to handle these fees already present within it.Vulnerability Detail
When
SGL
undergoes liquidation, the_extractLiquidationFees()
function stores theLiquidationFees
in thepenrose
contract. The code implementation is as follows:_liquidateUser()
->_extractLiquidationFees()
However, the
penrose
contract lacks any method to process these fees that are already within it. Even thepenrose.withdrawAllMarketFees()
function cannot handle these fees already residing in thepenrose
contract. Consequently, this portion of fees remains locked within thepenrose
contract.Impact
The SGL Liquidation Fees will remain locked in the
penrose
contract.Code Snippet
https://github.com/sherlock-audit/2024-02-tapioca/blob/main/Tapioca-bar/contracts/markets/singularity/SGLLiquidation.sol#L306
Tool used
Manual Review
Recommendation
Recommendation: It is advisable to introduce a method to transfer this portion of fees to
twTap
Duplicate of #148