Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

tvdung94 - Protocol will treat unsupported assets, which were previously supported, as legit assets in health check and liquidation #426

Closed
sherlock-admin4 opened this issue Aug 24, 2024 · 0 comments
Closed

tvdung94 - Protocol will treat unsupported assets, which were previously supported, as legit assets in health check and liquidation #426

sherlock-admin4 opened this issue Aug 24, 2024 · 0 comments
Labels
Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label Medium A Medium severity issue. Reward A payout will be made for this issue Sponsor Disputed The sponsor disputed this issue's validity Won't Fix The sponsor confirmed this issue will not be fixed

Comments

@sherlock-admin4
Copy link
Contributor

sherlock-admin4 commented Aug 24, 2024
edited by WangSecurity
Loading

tvdung94

High

Protocol will treat unsupported assets, which were previously supported, as legit assets in health check and liquidation

Summary

There is a case where assets used to be supported/ known were added into position assets before becoming unsupported. In this case, these assets will still be treated as known asset by risk engine .

Root Cause

  • In RiskModule.sol:232, the risk engine does not check if there is unsupported asset in the position assets. There is the case where assets used to be supported, were being added into position, but later becoming unsupported.
  • Similarly in PositionManager.sol:469, transferAssetsToLiquidator does not check if the asset is supported or not.

Internal pre-conditions

  1. Asset A was supported by the protocol and was added into the position.
  2. Asset A becomes unknown/unsupported.

External pre-conditions

N/A

Attack Path

N/A

Impact

  • Users could still use value of unsupported/unknown assets to borrow/backing up debts
  • Protocol could give unsupported assets to liquidators.

Code Snippet

https://github.com/sherlock-audit/2024-08-sentiment-v2/blob/0b472f4bffdb2c7432a5d21f1636139cc01561a5/protocol-v2/src/PositionManager.sol#L466-L482

https://github.com/sherlock-audit/2024-08-sentiment-v2/blob/0b472f4bffdb2c7432a5d21f1636139cc01561a5/protocol-v2/src/RiskModule.sol#L232-L237

PoC

No response

Mitigation

Consider adding a check to see if asset is supported:

        for (uint256 i; i < positionAssetsLength; ++i) {
     >>>       if (!positionManager.isKnownAsset()[positionAssets[i]]) continue;
            uint256 assets = getAssetValue(position, positionAssets[i]);
            // positionAssetData[i] stores value of positionAssets[i] in eth
            positionAssetData[i] = assets;
            totalAssetValue += assets;
        }


function _transferAssetsToLiquidator(address position, AssetData[] calldata assetData) internal {
        // transfer position assets to the liquidator and accrue protocol liquidation fees
        uint256 assetDataLength = assetData.length;
        for (uint256 i; i < assetDataLength; ++i) {
            // ensure assetData[i] is in the position asset list
           >>> if (Position(payable(position)).hasAsset(assetData[i].asset) == false && !isKnownAsset[assetData[i].asset]) {
                revert PositionManager_SeizeInvalidAsset(position, assetData[i].asset);
            }
            // compute fee amt
            // [ROUND] liquidation fee is rounded down, in favor of the liquidator
            uint256 fee = liquidationFee.mulDiv(assetData[i].amt, 1e18);
            // transfer fee amt to protocol
            Position(payable(position)).transfer(owner(), assetData[i].asset, fee);
            // transfer difference to the liquidator
            Position(payable(position)).transfer(msg.sender, assetData[i].asset, assetData[i].amt - fee);
        }
    }

Duplicate of #282
@github-actions github-actions bot added the Medium A Medium severity issue. label Sep 5, 2024
@sherlock-admin3 sherlock-admin3 added Sponsor Disputed The sponsor disputed this issue's validity Won't Fix The sponsor confirmed this issue will not be fixed labels Sep 10, 2024
@z3s z3s added the Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label label Sep 15, 2024
@z3s z3s closed this as completed Sep 15, 2024
@sherlock-admin4 sherlock-admin4 changed the title Shambolic Cobalt Copperhead - Protocol will treat unsupported assets, which were previously supported, as legit assets in health check and liquidation tvdung94 - Protocol will treat unsupported assets, which were previously supported, as legit assets in health check and liquidation Sep 15, 2024
@sherlock-admin4 sherlock-admin4 added the Reward A payout will be made for this issue label Sep 15, 2024
@yashar0x yashar0x mentioned this issue Sep 23, 2024
Closed
@cvetanovv cvetanovv mentioned this issue Sep 24, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label Medium A Medium severity issue. Reward A payout will be made for this issue Sponsor Disputed The sponsor disputed this issue's validity Won't Fix The sponsor confirmed this issue will not be fixed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@z3s @sherlock-admin3 @sherlock-admin4