Liquidation without bad debt doesn't update totalBorrow of market
Summary
During a liquidation of BigBang or Singularity contract, it doesn't update the totalBorrow although it still updates the borrow storage (userBorrowPart) of user.
Vulnerability Detail
In _liquidateUser() function of BBLiquidation contract, it get liquidated borrow amount and collateral share from _updateBorrowAndCollateralShare, then updatestotalCollateralShare.
However, during the liquidation, totalBorrow isn't updated even though userBorrowPart was updated in the _updateBorrowAndCollateralShare function (code snippet).
It's a serious mistake since totalBorrow is intentionally updated in the liquidateBadDebt() function (code snippet).
The same vulnerability exists in SGLLiquidation.
Impact
This issue results in incorrect totalBorrow for markets, which can become very large and reach borrow cap faster. The calculation of borrowing and undercollateralization will be incorrect, leading to inaccurate market states and unexpected losses for users.
duc
high
Liquidation without bad debt doesn't update totalBorrow of market
Summary
During a liquidation of BigBang or Singularity contract, it doesn't update the
totalBorrow
although it still updates the borrow storage (userBorrowPart
) of user.Vulnerability Detail
In
_liquidateUser()
function of BBLiquidation contract, it get liquidated borrow amount and collateral share from_updateBorrowAndCollateralShare
, then updatestotalCollateralShare
.However, during the liquidation,
totalBorrow
isn't updated even thoughuserBorrowPart
was updated in the_updateBorrowAndCollateralShare
function (code snippet). It's a serious mistake since totalBorrow is intentionally updated in theliquidateBadDebt()
function (code snippet).The same vulnerability exists in SGLLiquidation.
Impact
This issue results in incorrect totalBorrow for markets, which can become very large and reach borrow cap faster. The calculation of borrowing and undercollateralization will be incorrect, leading to inaccurate market states and unexpected losses for users.
Code Snippet
https://github.com/sherlock-audit/2024-02-tapioca/blob/main/Tapioca-bar/contracts/markets/bigBang/BBLiquidation.sol#L246-L273 https://github.com/sherlock-audit/2024-02-tapioca/blob/main/Tapioca-bar/contracts/markets/bigBang/BBLiquidation.sol#L226-L227
Tool used
Manual Review
Recommendation
Update
totalBorrow
in_liquidateUser
function as the following:Duplicate of #49