The protocol fee is not being deducted from the liquidatee's balance during liquidation
sherlock-admin3 changed the title from "Smooth Carbon Narwhal - The protocol fee is not being deducted from the liquidatee's balance during liquidation" to "ether_sky - The protocol fee is not being deducted from the liquidatee's balance during liquidation" on Oct 3, 2024
ether_sky
High
The protocol fee is not being deducted from the liquidatee's balance during liquidation
Summary
When a user’s position is liquidated, they are required to send a portion of their collateral to both the liquidator and the protocol as a fee.
This should reduce the liquidatee's collateral balance.
However, the protocol fee is not being deducted from the liquidatee’s balance, allowing them to withdraw these shares again, even though they have already been transferred to the protocol as fees.
Vulnerability Detail
The liquidation process occurs in the executeLiquidationCall function.
On line 138, the _calculateAvailableCollateralToLiquidate function is called to determine how much debt should be liquidated and how much collateral both the liquidator and the protocol will receive.
If the liquidationProtocolFeePercentage is greater than 0, a portion of the collateral is assigned to the protocol as a fee on line 368.
The collateral allocated to the liquidator is sent to them, and the liquidatee’s collateral balance is reduced accordingly in line 228.
However, while the protocol's fee is sent to the treasury, the liquidatee's collateral balance is not reduced on line 188.
Impact
This allows liquidatees to unfairly benefit, as their collateral balance does not reflect the fee paid to the protocol.
This issue can lead to several problems.
For instance, users may be unable to withdraw their funds due to an insufficient asset balance, as the reduction in the total pool assets is not properly tracked.
Additionally, because the liquidatees’ actual losses are less than intended, they may not take the liquidation process seriously, undermining the protocol's intended risk management.
Code Snippet
https://github.com/sherlock-audit/2024-06-new-scope/blob/c8300e73f4d751796daad3dadbae4d11072b3d79/zerolend-one/contracts/core/pool/logic/LiquidationLogic.sol#L138-L148
https://github.com/sherlock-audit/2024-06-new-scope/blob/c8300e73f4d751796daad3dadbae4d11072b3d79/zerolend-one/contracts/core/pool/logic/LiquidationLogic.sol#L368
https://github.com/sherlock-audit/2024-06-new-scope/blob/c8300e73f4d751796daad3dadbae4d11072b3d79/zerolend-one/contracts/core/pool/logic/LiquidationLogic.sol#L228
https://github.com/sherlock-audit/2024-06-new-scope/blob/c8300e73f4d751796daad3dadbae4d11072b3d79/zerolend-one/contracts/core/pool/logic/LiquidationLogic.sol#L188
Tool used
Manual Review
Recommendation
To resolve this issue, deduct the protocol fee from the liquidatee's balance and the total shares by calling the withdrawCollateral function.
Duplicate of #228
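The accounting gap this report describes, as an added Python model (not the ZeroLend contract code and not part of the original issue). The `Pool` ledger, the account names, the amounts and the 1:1 share-to-asset ratio are constructed assumptions, and the liquidatee's debt is taken as already repaid; `shortfall()` is the invariant a test suite would assert after every liquidation.

```python
from dataclasses import dataclass, field


@dataclass
class Pool:
    balances: dict = field(default_factory=dict)  # recorded collateral per account
    held: int = 0       # collateral tokens the pool actually holds
    treasury: int = 0   # protocol fees already paid out to the treasury

    def supply(self, user: str, amount: int) -> None:
        self.balances[user] = self.balances.get(user, 0) + amount
        self.held += amount

    def liquidate(self, user: str, to_liquidator: int, fee: int, debit_fee: bool) -> None:
        # Liquidator's portion: tokens leave the pool and the liquidatee is debited.
        self.balances[user] -= to_liquidator
        self.held -= to_liquidator
        # Protocol fee: tokens leave the pool for the treasury ...
        self.held -= fee
        self.treasury += fee
        # ... and only the corrected flow also debits the liquidatee for it.
        if debit_fee:
            self.balances[user] -= fee

    def withdraw(self, user: str, amount: int) -> bool:
        # Refused when the request exceeds the recorded balance or the tokens held.
        if amount > self.balances.get(user, 0) or amount > self.held:
            return False
        self.balances[user] -= amount
        self.held -= amount
        return True

    def shortfall(self) -> int:
        # Invariant: recorded balances must never exceed the tokens held (expect 0).
        return sum(self.balances.values()) - self.held


def run(debit_fee: bool):
    # Constructed scenario: alice is liquidated, bob is an unrelated supplier.
    pool = Pool()
    pool.supply("alice", 1_000)
    pool.supply("bob", 1_000)
    pool.liquidate("alice", to_liquidator=500, fee=50, debit_fee=debit_fee)
    gap = pool.shortfall()
    alice_ok = pool.withdraw("alice", pool.balances["alice"])
    bob_ok = pool.withdraw("bob", pool.balances["bob"])
    return gap, alice_ok, bob_ok


if __name__ == "__main__":
    print("reported flow:", run(False), "fee debited:", run(True))
```

With the fee left undebited the ledger overstates claims by exactly the fee, and the unrelated supplier is the one whose withdrawal fails.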