user can create listing with dust amount to block collection shutdown
Summary
User can create listing with dust amount to block collection shutdown because interest will accreu slowly keeping the position healthy for a long time
Root Cause
CollectionShutdown::execute(..) cannot be called when there are still active protected listings in the protocol, Hence a user can create listing with a dust amount and leave it for as long as possible considering that the position will be healthy for a long time
function _hasListings(address _collection) internal view returns (bool) {
IListings listings = locker.listings();
if (address(listings) != address(0)) {
if (listings.listingCount(_collection) != 0) {
return true;
}
// Check that no protected listings currently exist
IProtectedListings protectedListings = listings.protectedListings();
if (address(protectedListings) != address(0)) {
@> if (protectedListings.listingCount(_collection) != 0) {
return true;
}
function getProtectedListingHealth(address _collection, uint _tokenId) public view listingExists(_collection, _tokenId) returns (int) {
// So we start at a whole token, minus: the keeper fee, the amount of tokens borrowed
// and the amount of collateral based on the protected tax.
@> return int(MAX_PROTECTED_TOKEN_AMOUNT) - int(unlockPrice(_collection, _tokenId));
}
Internal pre-conditions
Dust amount can be borrowed for a long time and the positions will still be healthy
External pre-conditions
No response
Attack Path
User creates listing for dust amount and leaves it without unlocking the listing knowing that the position will still be healthy even after long time
Impact
CollectionShutdown::execute(..) can be DOS preventing the shutdown of a collection for a long time
PoC
No response
Mitigation
Consider implementing an algorithm to prevent users borrowing dust amount for a long period
Audinarey
High
user can create listing with dust amount to block collection shutdown
Summary
User can create listing with dust amount to block collection shutdown because interest will accreu slowly keeping the position healthy for a long time
Root Cause
CollectionShutdown::execute(..)cannot be called when there are still active protected listings in the protocol, Hence a user can create listing with a dust amount and leave it for as long as possible considering that the position will be healthy for a long timeAs seen below, the health check for a position calls
unlockPrice(...)which in turn calls compound to calculate theInternal pre-conditions
Dust amount can be borrowed for a long time and the positions will still be healthy
External pre-conditions
No response
Attack Path
User creates listing for dust amount and leaves it without unlocking the listing knowing that the position will still be healthy even after long time
Impact
CollectionShutdown::execute(..)can be DOS preventing the shutdown of a collection for a long timePoC
No response
Mitigation
Consider implementing an algorithm to prevent users borrowing dust amount for a long period