Submission Details
Severity: medium

DSCEngine.liquidate(): Borrower can liquidate himself.

Summary

A borrower can liquidate himself, which lets him bypass the liquidation fee.

Vulnerability Details

In most DeFi protocols, when a borrower's collateral falls below a certain threshold, their position is subject to liquidation. A liquidator is someone who repays part or all of the borrower's debt and, in return, receives a portion of the borrower's collateral, often at a discount as a reward.

In the DSCEngine contract, liquidate() does not stop the borrower from acting as the liquidator of his own position. This could lead to a situation where a borrower avoids the penalties associated with under-collateralization by essentially paying back his own loan through the backdoor of liquidation, bypassing the platform's intended risk management mechanisms.

There is an example from Compound Finance.

Impact

A borrower can bypass the liquidation penalty.

Tools Used

vscode

Recommendations

Add the require statement below to liquidate():

require(user != msg.sender, "Borrower cannot liquidate himself");
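
The effect of the missing check can be seen in a small accounting model. This is an added example, not DSCEngine code: the Engine class, the 10% bonus, the 200% collateral ratio, the user names and all balances are assumptions constructed for illustration.

```python
BONUS_PCT = 10             # assumed liquidation bonus
MIN_COLLATERAL_PCT = 200   # assumed minimum collateral-to-debt ratio


class SelfLiquidation(Exception):
    pass


class Engine:
    """Hypothetical lending engine tracking USD values only."""

    def __init__(self, block_self_liquidation):
        self.block_self_liquidation = block_self_liquidation
        self.collateral = {}  # user -> deposited collateral value
        self.debt = {}        # user -> outstanding stablecoin debt
        self.wallet = {}      # user -> assets held outside the engine

    def net_worth(self, user):
        return (self.wallet.get(user, 0) + self.collateral.get(user, 0)
                - self.debt.get(user, 0))

    def liquidate(self, caller, user, debt_to_cover):
        # The recommended check: require(user != msg.sender, ...)
        if self.block_self_liquidation and caller == user:
            raise SelfLiquidation("Borrower cannot liquidate himself")
        if self.collateral[user] * 100 >= self.debt[user] * MIN_COLLATERAL_PCT:
            raise ValueError("position is healthy")
        seized = debt_to_cover * (100 + BONUS_PCT) // 100
        self.wallet[caller] -= debt_to_cover   # caller repays the debt
        self.wallet[caller] += seized          # and receives collateral plus bonus
        self.debt[user] -= debt_to_cover
        self.collateral[user] -= seized


def borrower_loss(liquidator, block_self_liquidation=False):
    """Constructed scenario: alice owes 100 against collateral now worth 150."""
    engine = Engine(block_self_liquidation)
    engine.collateral["alice"], engine.debt["alice"] = 150, 100
    engine.wallet = {"alice": 100, "bob": 100}
    before = engine.net_worth("alice")
    engine.liquidate(liquidator, "alice", 100)
    return before - engine.net_worth("alice")


if __name__ == "__main__":
    print("liquidated by bob, alice loses:", borrower_loss("bob"))
    print("liquidated by herself, alice loses:", borrower_loss("alice"))
```

With the check enabled, the same self-liquidation call raises SelfLiquidation and the position stays open for a third-party liquidator.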
