tvdung94 - Protocol will treat unsupported assets, which were previously supported, as legit assets in health check and liquidation #426
Labels
Duplicate
A valid issue that is a duplicate of an issue with `Has Duplicates` label
Medium
A Medium severity issue.
Reward
A payout will be made for this issue
Sponsor Disputed
The sponsor disputed this issue's validity
Won't Fix
The sponsor confirmed this issue will not be fixed
tvdung94
High
Protocol will treat unsupported assets, which were previously supported, as legit assets in health check and liquidation
Summary
There is a case where assets used to be supported/ known were added into position assets before becoming unsupported. In this case, these assets will still be treated as known asset by risk engine .
Root Cause
RiskModule.sol:232
, the risk engine does not check if there is unsupported asset in the position assets. There is the case where assets used to be supported, were being added into position, but later becoming unsupported.PositionManager.sol:469
, transferAssetsToLiquidator does not check if the asset is supported or not.Internal pre-conditions
External pre-conditions
N/A
Attack Path
N/A
Impact
Code Snippet
https://github.com/sherlock-audit/2024-08-sentiment-v2/blob/0b472f4bffdb2c7432a5d21f1636139cc01561a5/protocol-v2/src/PositionManager.sol#L466-L482
https://github.com/sherlock-audit/2024-08-sentiment-v2/blob/0b472f4bffdb2c7432a5d21f1636139cc01561a5/protocol-v2/src/RiskModule.sol#L232-L237
PoC
No response
Mitigation
Consider adding a check to see if asset is supported:
Duplicate of #282
The text was updated successfully, but these errors were encountered: