search

sherlock-audit / 2024-04-interest-rate-model-judging

9 stars 5 forks source link

0xumarkhatab - Abrupt changes in Market Adjust Factors can lead to devastating problems for users #85

Closed sherlock-admin2 closed 5 months ago

sherlock-admin2 commented 5 months ago

0xumarkhatab

high

Abrupt changes in Market Adjust Factors can lead to devastating problems for users

Summary

The vulnerability revolves around Auditor.sol concerning the adjustFactor parameter of markets, controlled by the admin, which significantly influences various system aspects. When users are not aware of changes to this parameter, this leads to considerable risks, including potential asset devaluation, increased borrowing costs, uncertainty, and reliability concerns. Additionally, the users face liquidation risks due to sudden changes in asset values.

Vulnerability Details

The main issue lies around the adjustFactor parameter, which can be altered in one transaction without user notification.

This immediate change in critical parameters of markets can lead to the following potential risks :

Impact

  1. Asset Values Drop and Increased Borrowing Costs: Sudden changes in the adjustFactor could devalue assets and raise borrowing costs, leading to financial losses for users and hindering platform activity.

    • Code Reference: The setAdjustFactor function enables the admin to modify the adjustFactor without constraints, potentially impacting asset values and borrowing costs.

  2. User Uncertainty, Trust Issues, and Reliability Concerns: Lack of transparency regarding adjustFactor changes may trigger user uncertainty, erode trust in the platform's fairness and reliability, and prompt withdrawals.

    • Code Reference: The absence of communication or oversight mechanisms for adjustFactor changes may sow doubts among users about the platform's integrity and reliability.

  3. Liquidation Risks: Abrupt changes in asset values due to adjustFactor alterations could trigger liquidations, resulting in asset losses for users and undermining platform stability.

    • Code Reference: Unpredictable changes in critical parameters like adjustFactor may heighten the likelihood of asset liquidations, posing risks to user funds.

Code Snippet

The vulnerability originates from the setAdjustFactor function in our Auditor contract, granting the admin unrestricted authority to adjust the adjustFactor.

Affected Code:


// L239-L244

function checkLiquidation()public {
//SNIP
  uint256 value = debt.mulDivUp(m.price, m.baseUnit);
        base.totalDebt += value;
        base.adjustedDebt += value.divWadUp(m.adjustFactor);

        value = collateral.mulDivDown(m.price, m.baseUnit);
        base.totalCollateral += value;
        base.adjustedCollateral += value.mulWadDown(m.adjustFactor);
        if (market == seizeMarket) base.seizeAvailable = value;

//SNIP
}

// Line 307 : 

  function handleBadDebt(address account) external {
//SNIP
    if (assets.mulDivDown(assetPrice(m.priceFeed), 10 ** m.decimals).mulWadDown(m.adjustFactor) > 0) return;

//SNIP

}

// L130-L140

function accountLiquidity(
    address account,
    Market marketToSimulate,
    uint256 withdrawAmount
  ) public view returns (uint256 sumCollateral, uint256 sumDebtPlusEffects) {

       //SNIP
        sumCollateral += vars.balance.mulDivDown(vars.price, baseUnit).mulWadDown(adjustFactor);

        // sum all the debt
        sumDebtPlusEffects += vars.borrowBalance.mulDivUp(vars.price, baseUnit).divWadUp(adjustFactor);

        //SNIP
 if (withdrawAmount != 0) {
            sumDebtPlusEffects += withdrawAmount.mulDivDown(vars.price, baseUnit).mulWadDown(adjustFactor);
          }
        //SNIP

}

Target Code :

https://github.com/sherlock-audit/2024-04-interest-rate-model/blob/main/protocol/contracts/Auditor.sol#L372-L377


//  L374-L379

 function setAdjustFactor(Market market, uint128 adjustFactor) public onlyRole(DEFAULT_ADMIN_ROLE) {
    if (!markets[market].isListed) revert MarketNotListed();

    markets[market].adjustFactor = adjustFactor;
    emit AdjustFactorSet(market, adjustFactor);
  }

Tool used

Manual code review.

Recommendation

To address this , I would suggest implementing two step procedure for changing adjustFactor of markets so that users can make informed decisions before the adjust factors gets actually changed on-chain.

santipu03 commented 5 months ago

The issue is invalid because the owner is TRUSTED, so it's assumed that it won't change critical parameters to values that can disrupt the protocol.