thisvishalsingh - Lack of fee retrieval & not assigned to vars.liquidationProtocolFeePercentage, then liquidationProtocolFeePercentage is used to determine vars.liquidationProtocolFee, this logic is executed with a default=0, leads to protocol getting zero amount of fee on liquidation.
#364
Summary
The fee is not retrieved and assigned to vars.liquidationProtocolFeePercentage before liquidationProtocolFeePercentage is used in _calculateAvailableCollateralToLiquidate. This will cause a complete loss of funds for the protocol: the system will default to zero, leading to incorrect fee application and resulting in the protocol not collecting the fees during liquidations.
Root Cause
In LiquidationLogic.sol#L366-L373, the _calculateAvailableCollateralToLiquidate function does not internally retrieve the fee and assign it to vars.liquidationProtocolFeePercentage. Because of this lack of internal fee retrieval and assignment, the function could operate with a default of 0 and an incorrect fee percentage, leading to inaccurate fee calculations during liquidations.
```solidity
function _calculateAvailableCollateralToLiquidate(
  DataTypes.ReserveData storage collateralReserve,
  DataTypes.ReserveCache memory debtReserveCache,
  uint256 debtToCover,
  uint256 userCollateralBalance,
  uint256 liquidationBonus,
  uint256 collateralPrice,
  uint256 debtAssetPrice,
  uint256 liquidationProtocolFeePercentage
) internal view returns (uint256, uint256, uint256) {
  AvailableCollateralToLiquidateLocalVars memory vars;
  vars.collateralPrice = collateralPrice; // oracle.getAssetPrice(collateralAsset);
  vars.debtAssetPrice = debtAssetPrice; // oracle.getAssetPrice(debtAsset);
  vars.collateralDecimals = collateralReserve.configuration.getDecimals();
  vars.debtAssetDecimals = debtReserveCache.reserveConfiguration.getDecimals();
  unchecked {
    vars.collateralAssetUnit = 10 ** vars.collateralDecimals;
    vars.debtAssetUnit = 10 ** vars.debtAssetDecimals;
  }
  // @audit // lack of fee retrieval & not assigned to `vars.liquidationProtocolFeePercentage` , results the function could operate with a default=0 & incorrect fee percentage

  // This is the base collateral to liquidate based on the given debt to cover
  vars.baseCollateral = ((vars.debtAssetPrice * debtToCover * vars.collateralAssetUnit)) / (vars.collateralPrice * vars.debtAssetUnit);
  vars.maxCollateralToLiquidate = vars.baseCollateral.percentMul(liquidationBonus);
  if (vars.maxCollateralToLiquidate > userCollateralBalance) {
    vars.collateralAmount = userCollateralBalance;
    vars.debtAmountNeeded = (
      (vars.collateralPrice * vars.collateralAmount * vars.debtAssetUnit) / (vars.debtAssetPrice * vars.collateralAssetUnit)
    ).percentDiv(liquidationBonus);
  } else {
    vars.collateralAmount = vars.maxCollateralToLiquidate;
    vars.debtAmountNeeded = debtToCover;
  }
  // @audit-issue liquidationProtocolFeePercentage is used to determine vars.liquidationProtocolFee, hence this logic is executed with a default=0, leads to protocol getting zero amount of fee on liquidation.
  if (liquidationProtocolFeePercentage != 0) {
    vars.bonusCollateral = vars.collateralAmount - vars.collateralAmount.percentDiv(liquidationBonus);
    vars.liquidationProtocolFee = vars.bonusCollateral.percentMul(liquidationProtocolFeePercentage);
    return (vars.collateralAmount - vars.liquidationProtocolFee, vars.debtAmountNeeded, vars.liquidationProtocolFee);
  } else {
    return (vars.collateralAmount, vars.debtAmountNeeded, 0);
  }
}
```
Hence, because the fee is not retrieved and assigned to vars.liquidationProtocolFeePercentage, and liquidationProtocolFeePercentage is then used to determine vars.liquidationProtocolFee, this logic is executed with a default of 0, which leads to the protocol getting zero fee on liquidation.
Impact
Complete loss of funds - resulting in the protocol not collecting the fees during liquidations.
Mitigation
Retrieve the liquidation protocol fee percentage from IPoolDataProvider.sol, which has the function getLiquidationProtocolFee(address pool, address asset) external view returns (uint256);
or add the logic before liquidationProtocolFeePercentage is used, like this, and modify the reserve configuration accordingly.
sherlock-admin3
changed the title
Chilly Cherry Deer - Lack of fee retrieval & not assigned to vars.liquidationProtocolFeePercentage, then liquidationProtocolFeePercentage is used to determine vars.liquidationProtocolFee, this logic is executed with a default=0, leads to protocol getting zero amount of fee on liquidation.
thisvishalsingh - Lack of fee retrieval & not assigned to vars.liquidationProtocolFeePercentage, then liquidationProtocolFeePercentage is used to determine vars.liquidationProtocolFee, this logic is executed with a default=0, leads to protocol getting zero amount of fee on liquidation.
Oct 3, 2024
thisvishalsingh
High
Duplicate of #228
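A way to check the fee arithmetic numerically, as an added example (not code from the issue or the audited project): a Python model of `_calculateAvailableCollateralToLiquidate` run with the fee parameter at 0 and at a nonzero value. The Aave-style basis-point rounding of `percentMul`/`percentDiv`, the prices, the decimals and the 1,000 bps fee are assumptions chosen for illustration.

```python
# Added model of the arithmetic in _calculateAvailableCollateralToLiquidate.
# Assumption: percentMul/percentDiv behave like Aave-style PercentageMath
# (basis points, 10_000 = 100%, round half up).
PERCENTAGE_FACTOR = 10_000
HALF = PERCENTAGE_FACTOR // 2

def percent_mul(value, pct):
    return (value * pct + HALF) // PERCENTAGE_FACTOR

def percent_div(value, pct):
    return (value * PERCENTAGE_FACTOR + pct // 2) // pct

def available_collateral_to_liquidate(debt_to_cover, user_collateral_balance,
                                      liquidation_bonus, collateral_price,
                                      debt_price, collateral_decimals,
                                      debt_decimals, fee_pct):
    """Return (collateral to liquidator, debt needed, protocol fee)."""
    c_unit, d_unit = 10 ** collateral_decimals, 10 ** debt_decimals
    base = (debt_price * debt_to_cover * c_unit) // (collateral_price * d_unit)
    max_collateral = percent_mul(base, liquidation_bonus)
    if max_collateral > user_collateral_balance:
        # Not enough collateral: seize it all and scale the debt down.
        collateral = user_collateral_balance
        debt_needed = percent_div(
            (collateral_price * collateral * d_unit) // (debt_price * c_unit),
            liquidation_bonus)
    else:
        collateral, debt_needed = max_collateral, debt_to_cover
    if fee_pct != 0:
        # The fee is taken from the bonus part of the collateral only.
        bonus = collateral - percent_div(collateral, liquidation_bonus)
        fee = percent_mul(bonus, fee_pct)
        return collateral - fee, debt_needed, fee
    return collateral, debt_needed, 0

# Constructed scenario: 1,000 units of 6-decimal debt priced at 1e8,
# 18-decimal collateral priced at 2_000e8, 5% bonus (10_500 bps).
SCENARIO = dict(debt_to_cover=1_000 * 10**6, user_collateral_balance=10 * 10**18,
                liquidation_bonus=10_500, collateral_price=2_000 * 10**8,
                debt_price=10**8, collateral_decimals=18, debt_decimals=6)

def run(fee_pct, **overrides):
    return available_collateral_to_liquidate(fee_pct=fee_pct,
                                             **{**SCENARIO, **overrides})

if __name__ == "__main__":
    for pct in (0, 1_000):  # 0 = unset value, 1_000 bps = 10% of the bonus
        print(pct, run(pct))
```

The same model can be used to compare against the value the caller actually passes for `liquidationProtocolFeePercentage` in a fork or unit test of the audited code.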