Lack of Explicit Check Before Initiating Vault Liquidation
Summary
The runLiquidation function in the provided contract lacks an explicit check for the existence of assets to liquidate before calling the liquidateVault function. This oversight poses a potential security risk as the code assumes that the liquidateVault function performs the necessary validations, which may lead to unexpected behavior or financial risks.
Vulnerability Details
The smart contract in question features a function named runLiquidation responsible for triggering the liquidation process of a specified vault. However, a crucial oversight has been identified: the absence of an explicit check to confirm the existence of assets in the vault before initiating the liquidation via the liquidateVault function from the ISmartVaultManager interface.
The runLiquidation function currently lacks a validation step to ensure that the vault specified by _tokenId contains assets eligible for liquidation. This omission poses a notable security concern, as it relies on the assumption that the liquidateVault function performs all necessary checks.
Impact
Risk of initiating liquidation without valid assets.
Tools Used
Manual. Hardhat
Recommendations
Implement a validation step within the runLiquidation function to ensure that the liquidation is initiated only when there are valid assets to liquidate. This can be achieved by introducing a condition that checks whether the specified _tokenId corresponds to a vault with assets eligible for liquidation.
Lead Judging Commences
informational/invalid
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.