DittoETH

Ditto
DeFi, Foundry, Oracle
55,000 USDC
Submission Details
Severity: medium
Invalid

Shorts can become liquidatable instantly if `secondaryLiquidationCR` threshold is changed by the admin

Summary

The `secondaryLiquidationCR` threshold can be changed instantly by the admin in OwnerFacet, without the DAO's timelock delay. This could put many shorters in a liquidatable state without giving them time to increase their collateral to avoid liquidation.

Vulnerability Details

In the OwnerFacet contract, `setSecondaryLiquidationCR`, the function responsible for changing the secondary liquidation threshold, can be called directly by the admin.

Unlike the DAO, the admin does not have to respect a timelock delay before executing calls, so the admin can call the function and change the threshold instantly.

If the admin changes `primaryLiquidationCR`, shorters are not put at immediate risk of liquidation, because the protocol gives them time to adapt to the change. If the admin changes `secondaryLiquidationCR` without any warning, however, some shorters will find themselves in a liquidatable state instantly. They will not be able to increase their collateral in response and will lose all their funds in the liquidation.

Even if the admin is a trusted party, because of the impact of all the liquidation thresholds on shorters' collateral, they should only be changed by the DAO through a timelock delay, so that shorters always have enough time to adjust their positions.

Impact

Shorters can become liquidatable instantly if the admin changes the `secondaryLiquidationCR` threshold without any warning, which will lead to an unfair loss of their collateral.

Tools Used

Manual review

Recommended Mitigation

The `setSecondaryLiquidationCR` function should only be callable by the DAO to avoid an unfair instant liquidation of shorters' collateral.
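
The following is an added sketch of the timelock pattern this recommendation relies on, generalized to an explicit queue-then-execute setter. It is not DittoETH's OwnerFacet code: the contract name, the `dao` address, the 2-day `DELAY`, the events and the errors are all assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.21;

// Hypothetical sketch, not DittoETH's OwnerFacet. Every name here is an assumption.
contract TimelockedLiquidationParams {
    uint256 public constant DELAY = 2 days; // assumed notice period for shorters

    address public immutable dao;           // assumed governance address
    uint16 public secondaryLiquidationCR;   // active threshold (units are an assumption)

    uint16 public pendingCR;                // queued value, 0 when nothing is queued
    uint256 public pendingEta;              // earliest timestamp the queued value may apply

    event SecondaryLiquidationCRQueued(uint16 newCR, uint256 eta);
    event SecondaryLiquidationCRApplied(uint16 oldCR, uint16 newCR);

    error NotDao();
    error NothingQueued();
    error TooEarly(uint256 eta);
    error InvalidCR();

    modifier onlyDao() {
        if (msg.sender != dao) revert NotDao();
        _;
    }

    constructor(address dao_, uint16 initialCR) {
        if (initialCR == 0) revert InvalidCR();
        dao = dao_;
        secondaryLiquidationCR = initialCR;
    }

    // Step 1: announce the change on-chain. The event is what shorters monitor.
    function queueSecondaryLiquidationCR(uint16 newCR) external onlyDao {
        if (newCR == 0) revert InvalidCR();
        pendingCR = newCR;
        pendingEta = block.timestamp + DELAY;
        emit SecondaryLiquidationCRQueued(newCR, pendingEta);
    }

    // Step 2: apply only after the delay. Re-queuing restarts the clock.
    function executeSecondaryLiquidationCR() external onlyDao {
        if (pendingEta == 0) revert NothingQueued();
        if (block.timestamp < pendingEta) revert TooEarly(pendingEta);
        emit SecondaryLiquidationCRApplied(secondaryLiquidationCR, pendingCR);
        secondaryLiquidationCR = pendingCR;
        delete pendingCR;
        delete pendingEta;
    }
}
```

With this shape, the threshold that liquidations read never changes in the same transaction that proposes it, and the queued event gives position holders a fixed window to add collateral.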

Updates

Lead Judging Commences

0xnevi Lead Judge
almost 2 years ago
Submission Judgement Published
Invalidated
Reason: Admin Input/call validation
