It is a known issue that the protocol will break if it is insolvent. However, above 100% collateral rate (solvent) it is supposed to work, which is not the case.
The 10% liquidation_bonus
breaks the liquidate()
function when the collateral rate is above 100% but below 110%
Observe the example in the comments of the liquidate function()
This works fine as long as the bad debt is above $110, but what happens when it is below?
Example:
bad debt = $105 ETH, 100 DSC
liquidator pays 100 DSC and receives $100*1.10 = 110 dollar in ETH
The liquidate()
function will call _redeemCollateral()
which will then try to deduct 110 dollar in ETH from a balance of 105 dollar in ETH and cause an underflow which will then revert the function.
POC in Github Gist
Collateral positions that should be callable by liquidate()
are not working and this breaks a critical function of the system.
Manual review, Foundry
Implement a check in the liquidate()
function that makes sure the amount to be received by the liquidator can never be greater than the amount held by the initial collateral holder.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.