Duplicate Liquidators Leading to Incorrect Fee Distribution
Summary
https://github.com/sherlock-audit/2024-09-symmio-v0-8-4-update-contest/blob/main/protocol-core/contracts/facets/liquidation/LiquidationFacetImpl.sol#L22
Both liquidatePartyA and setSymbolsPrice functions add the msg.sender (the liquidator) to the liquidators[partyA] array without checking for existing entries. This can result in the same liquidator being added multiple times, leading to duplicate fee allocations when settling liquidations. Specifically, in the settlePartyALiquidation function, fees (lf) are split equally between the first two liquidators. If a liquidator is duplicated in the array, they may receive an unintended portion of the fees.
Root Cause
No response
Internal pre-conditions
No response
External pre-conditions
No response
Attack Path
No response
Impact
Incorrect Fee Distribution: Duplicate liquidators can receive multiple shares of the liquidation fees, leading to financial discrepancies.
Inflated Liquidator Counts: This can distort the true number of unique liquidators involved, affecting governance or reputation systems.
PoC
No response
Mitigation
Implement a mechanism to prevent duplicate entries in the liquidators[partyA] array. This can be achieved by using a mapping to track existing liquidators or by checking the array before adding a new liquidator.
Albort
Medium
Duplicate Liquidators Leading to Incorrect Fee Distribution
Summary
https://github.com/sherlock-audit/2024-09-symmio-v0-8-4-update-contest/blob/main/protocol-core/contracts/facets/liquidation/LiquidationFacetImpl.sol#L22 Both liquidatePartyA and setSymbolsPrice functions add the msg.sender (the liquidator) to the liquidators[partyA] array without checking for existing entries. This can result in the same liquidator being added multiple times, leading to duplicate fee allocations when settling liquidations. Specifically, in the settlePartyALiquidation function, fees (lf) are split equally between the first two liquidators. If a liquidator is duplicated in the array, they may receive an unintended portion of the fees.
Root Cause
No response
Internal pre-conditions
No response
External pre-conditions
No response
Attack Path
No response
Impact
Incorrect Fee Distribution: Duplicate liquidators can receive multiple shares of the liquidation fees, leading to financial discrepancies. Inflated Liquidator Counts: This can distort the true number of unique liquidators involved, affecting governance or reputation systems.
PoC
No response
Mitigation
Implement a mechanism to prevent duplicate entries in the liquidators[partyA] array. This can be achieved by using a mapping to track existing liquidators or by checking the array before adding a new liquidator.