The shutdownMarket() function contains an incorrect logical check on the collateral ratio cRatio. The function is designed to shut down a market if cRatio falls below the minimum collateral ratio LibAsset.minimumCR(asset). However, due to a logic error, the function does not revert when cRatio is equal to minimumCR, although it should. Since the protocol will initially have only one asset (cUSD), a malicious shutdown of this market would make the entire protocol unusable.
Here, the function checks if cRatio is greater than LibAsset.minimumCR(asset) and reverts if so. The correct behavior would be to revert the function if cRatio is greater than or equal to the minimum collateral ratio. The issue is with the use of the > symbol when it should be >=.
Protocol Shutdown: A malicious user could exploit this vulnerability to shut down a healthy market. Since the protocol will initially support only one asset (cUSD), this would render the entire protocol inoperable.
Incorrect Behavior: Markets that have a cRatio equal to the minimumCR will not be correctly managed, and could be shut down when they shouldn't be.
Code Modification: Update the conditional check to if (cRatio >= LibAsset.minimumCR(asset)) to correctly include the scenario where cRatio is equal to minimumCR.
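The boundary case, as an added example that is not the protocol's own code: a minimal contract that places the reported comparison beside the recommended one and probes both just below, at, and just above the minimum. MIN_CR, the error name and all function names are hypothetical, and the ratio value is constructed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.21;

// Added illustration only. MIN_CR stands in for LibAsset.minimumCR(asset);
// every name here is hypothetical and the value is constructed.
contract ShutdownBoundary {
    error SufficientCollateral();

    uint256 public constant MIN_CR = 1.1 ether; // 18-decimal fixed point

    // Comparison as described in the finding: reverts only when cRatio is
    // strictly above the minimum, so cRatio == MIN_CR passes the guard.
    function guardAsReported(uint256 cRatio) public pure returns (bool) {
        if (cRatio > MIN_CR) revert SufficientCollateral();
        return true; // shutdown would proceed
    }

    // Recommended comparison: a market sitting exactly at the minimum
    // is treated as sufficiently collateralized and the call reverts.
    function guardFixed(uint256 cRatio) public pure returns (bool) {
        if (cRatio >= MIN_CR) revert SufficientCollateral();
        return true;
    }

    // True if the chosen guard lets a shutdown proceed at this ratio.
    function allows(bool useFixed, uint256 cRatio) public view returns (bool ok) {
        if (useFixed) {
            try this.guardFixed(cRatio) returns (bool r) { ok = r; } catch {}
        } else {
            try this.guardAsReported(cRatio) returns (bool r) { ok = r; } catch {}
        }
    }

    // Regression check: the two guards must differ only at the boundary.
    function boundaryRegression() external view returns (bool) {
        return allows(false, MIN_CR - 1) && allows(true, MIN_CR - 1)
            && allows(false, MIN_CR) && !allows(true, MIN_CR)
            && !allows(false, MIN_CR + 1) && !allows(true, MIN_CR + 1);
    }
}
```

A test for the real fix should pin the same three points (minimumCR - 1, minimumCR, minimumCR + 1) against shutdownMarket() itself, so a later refactor cannot silently reintroduce the strict comparison.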