Submission Details
Severity:
A user can self-liquidate to get liquidation reward. Self-liquidation should not be allowed.
Summary
DSCEngine.liquidate() does not check if user is same as msg.sender.
A user can mint more stablecoin to make his position liquiditable then call liquidate() for himself.
Proof of Concept
https://github.com/Cyfrin/2023-07-foundry-defi-stablecoin/blob/main/src/DSCEngine.sol#L229-L238
function liquidate(address collateral, address user, uint256 debtToCover)
external
moreThanZero(debtToCover)
nonReentrant
{
// need to check health factor of the user
uint256 startingUserHealthFactor = _healthFactor(user);
if (startingUserHealthFactor >= MIN_HEALTH_FACTOR) {
revert DSCEngine__HealthFactorOk();
} // @audit - it does not check it's self-liquidation.
Impact
Self-liquidation will get user addition liquidation reward rather than repaying and redeeming collateral.
Tool used
Manual Review
Recommendation
DSCEngine.liquidate() should revert if msg.sender is same as user.
https://github.com/Cyfrin/2023-07-foundry-defi-stablecoin/blob/main/src/DSCEngine.sol#L229-L238
function liquidate(address collateral, address user, uint256 debtToCover)
external
moreThanZero(debtToCover)
nonReentrant
{
// need to check health factor of the user
uint256 startingUserHealthFactor = _healthFactor(user);
if (startingUserHealthFactor >= MIN_HEALTH_FACTOR) {
revert DSCEngine__HealthFactorOk();
}
+ require(msg.sender != user, DSCEngine_SelfLiquidaton);
Prize pool breakdown
Total prize
15,000 USDC
nSLOC
23664 USDC / LOC
14,000 USDC
1,000 USDC
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.