DittoETH

Ditto
DeFi, Foundry, Oracle
55,000 USDC
Submission Details
Severity: low
Valid

Incorrect Collateral Ratio Check in `shutdownMarket()`

Summary

The `shutdownMarket()` function contains an incorrect logical check on the collateral ratio `cRatio`. The function is designed to shut down a market if `cRatio` falls below the minimum collateral ratio `LibAsset.minimumCR(asset)`. Due to a logic error, however, it does not revert when `cRatio` is equal to `minimumCR`, although it should. Since the protocol will initially have only one asset (cUSD), a malicious shutdown of this market would make the entire protocol unusable.

Vulnerability Details

```solidity
if (cRatio > LibAsset.minimumCR(asset)) { //@audit-issue should be >=
    revert Errors.SufficientCollateral();
}
```

Here, the function checks whether `cRatio` is greater than `LibAsset.minimumCR(asset)` and reverts if so. The correct behavior is to revert when `cRatio` is greater than or equal to the minimum collateral ratio. The issue is the use of `>` where `>=` is needed.

Impact

  • Protocol Shutdown: A malicious user could exploit this vulnerability to shut down a healthy market. Since the protocol will initially support only one asset (cUSD), this would render the entire protocol inoperable.

  • Incorrect Behavior: Markets that have a `cRatio` equal to `minimumCR` will not be correctly managed and could be shut down when they shouldn't be.

Recommendations

Code Modification: Update the conditional check to `if (cRatio >= LibAsset.minimumCR(asset))` to correctly include the scenario where `cRatio` is equal to `minimumCR`.
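A boundary regression check for this recommendation, as an added example that is not DittoETH code or part of the original submission: it places the reported guard beside the recommended one and probes one unit below, at, and one unit above the minimum. The contract name, function names, and the `MIN_CR` value with its 18-decimal scale are assumptions standing in for `LibAsset.minimumCR(asset)`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Added illustration, not DittoETH code. MIN_CR and its 18-decimal scale are
// constructed sample values standing in for LibAsset.minimumCR(asset).
contract ShutdownGuardBoundary {
    error SufficientCollateral();

    uint256 public constant MIN_CR = 1.1 ether; // constructed sample: 110%

    // Guard as quoted in the finding: reverts only strictly above the minimum.
    function guardReported(uint256 cRatio) external pure {
        if (cRatio > MIN_CR) revert SufficientCollateral();
    }

    // Guard as recommended in the finding: also reverts at the minimum itself.
    function guardRecommended(uint256 cRatio) external pure {
        if (cRatio >= MIN_CR) revert SufficientCollateral();
    }

    // True when the reported guard would let a shutdown proceed at cRatio.
    function reportedAllows(uint256 cRatio) public view returns (bool) {
        try this.guardReported(cRatio) { return true; } catch { return false; }
    }

    // True when the recommended guard would let a shutdown proceed at cRatio.
    function recommendedAllows(uint256 cRatio) public view returns (bool) {
        try this.guardRecommended(cRatio) { return true; } catch { return false; }
    }

    // Returns true when all three boundary expectations hold.
    function checkBoundary() external view returns (bool) {
        // One unit below the minimum: both guards let the shutdown proceed.
        bool below = reportedAllows(MIN_CR - 1) && recommendedAllows(MIN_CR - 1);
        // One unit above the minimum: both guards revert.
        bool above = !reportedAllows(MIN_CR + 1) && !recommendedAllows(MIN_CR + 1);
        // Exactly at the minimum: the only input on which the guards disagree.
        bool atMin = reportedAllows(MIN_CR) && !recommendedAllows(MIN_CR);
        return below && above && atMin;
    }
}
```

The same three probes carry over to a test of the real `shutdownMarket()`: after the fix, the call at exactly `minimumCR` is expected to revert with `SufficientCollateral`.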

Updates

Lead Judging Commences

0xnevi Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

finding-326
