Foundry DeFi Stablecoin CodeHawks Audit Contest

Cyfrin

DeFiFoundry

15,000 USDC

View results

Previous Next

Submission Details

Severity: high

Valid

Liquidation revert when collateralization ratio is low even protocol is not insolvent

pengun

Summary

As stated in the comment, there is no way to recover it when protocol is insolvent. However, liquidation could become impossible, even when there is enough funding in the protocol, if the user's collateral ratio is low. An underflow issue during collateral redemption could cause protocol insolvency that cannot be recovered from.

Vulnerability Details

During the liquidation process, the following steps are taken:

The liquidator calculates tokenAmountFromDebtCovered based on the amount of DSC they are repaying on behalf of.
Multiply tokenAmountFromDebtCovered by 1.1 to get totalCollateralToRedeem.
Transfer totalCollateralToRedeem from the person being liquidated to the liquidator.
Burn the DSC that the liquidator repaid on behalf of.

In the third step, if totalCollateralToRedeem is greater than the amount of tokens the person being liquidated has provided as collateral, an underflow occurs, causing the transaction to revert.

function _redeemCollateral(address from, address to, address tokenCollateralAddress, uint256 amountCollateral)

private

{

s_collateralDeposited[from][tokenCollateralAddress] -= amountCollateral; // <= underflow!

emit CollateralRedeemed(from, to, tokenCollateralAddress, amountCollateral);

bool success = IERC20(tokenCollateralAddress).transfer(to, amountCollateral);

if (!success) {

revert DSCEngine__TransferFailed();

}

Performing partial liquidation will not result in an underflow, but it will increase the health factor, causing a DSCEngine__HealthFactorNotImproved error. This issue could occur even when the DSCEngine contract has enough funds internally, and if accumulated, could negatively impact the protocol.

uint256 endingUserHealthFactor = _healthFactor(user);

if (endingUserHealthFactor <= startingUserHealthFactor) {

revert DSCEngine__HealthFactorNotImproved();

}

Impact

If this situation occurs frequently, it could lead to the protocol becoming insolvent. This could result in significant financial losses for users and could potentially make the protocol unusable.

Tools Used

VS Code

Recommendations

To prevent this from happening, you could consider removing the health factor check logic. So user can partial liquidate.

Prize pool breakdown

Total prize

15,000 USDC

nSLOC

236

64 USDC / LOC

High Medium

14,000 USDC

Low

1,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.