Foundry DeFi Stablecoin CodeHawks Audit Contest

Cyfrin

DeFiFoundry

15,000 USDC

View results

Previous Next

Submission Details

Severity: medium

DSCEngine.liquidate():: Borrower can liquidate himself.

0xDanielH

Summary

Borrower can liquidate himself which is able to bypass the liquidation fee.

Vulnerability Details

In most DeFi protocols, when a borrower's collateral falls below a certain threshold, their position is subject to liquidation. A liquidator is someone who repays part or all of the borrower's debt and, in return, receives a portion of the borrower's collateral, often at a discount as a reward.

In the DSCEngine contract, this could lead to a situation where a borrower could avoid the penalties associated with under-collateralization by essentially paying back their own loan through the backdoor of liquidation, bypassing the platform's intended risk management mechanisms.

There is an example of compound finance

Impact

Borrow can bypass the liquidation penalty.

Tools Used

vscode

Recommendations

Add a require statement below

require(user != msg.sender, "Borrower cannot liquidate himself");

Prize pool breakdown

Total prize

15,000 USDC

nSLOC

236

64 USDC / LOC

High Medium

14,000 USDC

Low

1,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.