DOS: Liquidator health factor takes a hit from participating in the liquidation process
Summary
Incorrect Accounting during liquidation would affect the liquidator's Health Factor.
Vulnerability Details
When a liquidator triggers a liquidation on a defaulter, two important functions are executed: _redeemCollateral and _burnDSC. The _redeemCollateral function transfers the amount equivalent to liquidate::debtToCover plus a 10% incentive from the defaulter to the liquidator.
Additionally, the function invokes _burnDSC, which contains a flaw in its accounting. While the user's DSC is burned, the DSC of the liquidator is merely transferred. Consequently, the balance of the liquidator's DSC is not reduced; the tokens are simply transferred without proper reduction.
Impact
The issue becomes evident when the liquidator attempts to redeem their DSC for collateral, as they will find it impossible to withdraw their entire DSC balance. The reason is that they are required to transfer that amount back into the contract, an amount they don't have due to their participation in the liquidation process.
Tools Used
Manual Review
Recommendation
Instead of solely transferring the tokens out of the liquidator's balance, it is advised to also deduct the amount of DSC used in liquidation from the balance in the contract storage. This adjustment will help resolve the problem and ensure proper functionality.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.