The Standard

DeFi, Hardhat
20,000 USDC
Submission Details
Severity: high
Invalid

Liquidation can be avoided by burning EUROs tokens

Summary

Users can prevent liquidation of undercollateralized positions by burning EUROs tokens, which reduces the vault's minted value and effectively avoids liquidation.

Vulnerability Details

Liquidation is triggered by LiquidationPoolManager.runLiquidation(), which in turn calls manager.liquidateVault(). If the vault has more minted value than the deposited collateral, the smart vault is liquidated.

Smart vault owners can exploit this vulnerability by front-running the liquidation call and burning EUROs tokens to decrease the vault's minted value, potentially preventing liquidation.

File: contracts/SmartVaultV3.sol
function burn(uint256 _amount) external ifMinted(_amount) {
    // Fee is a fraction of the burned amount, scaled by HUNDRED_PC
    uint256 fee = _amount * ISmartVaultManagerV3(manager).burnFeeRate() / ISmartVaultManagerV3(manager).HUNDRED_PC();
    // Reduce the vault's recorded minted value
    minted = minted - _amount;
    EUROs.burn(msg.sender, _amount);
    // Fee is transferred from the caller to the protocol address
    IERC20(address(EUROs)).safeTransferFrom(msg.sender, ISmartVaultManagerV3(manager).protocol(), fee);
    emit EUROsBurned(_amount, fee);
}

https://github.com/Cyfrin/2023-12-the-standard/blob/main/contracts/SmartVaultV3.sol#L169

Just by transferring the fee, a user can adjust their position.
The root cause of the problem is that burn() does not check whether the user is in a position to burn or not.

Impact

Every vault can avoid liquidation.

Tools Used

Manual

Recommendations

Implement a check in the burn() function to ensure that users burning tokens are eligible to do so based on their vault's collateralization status.
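The accounting described in this submission, as an added JavaScript model that is not part of the submission or the project's code: it runs the same burn against an undercollateralised vault with and without the recommended check, so the effect on `minted` and on a later liquidation attempt can be compared. The `maxMintable()` formula, the `guardBurn` switch, the error strings and all numeric values are assumptions constructed for illustration.

```javascript
// Simplified model of the vault accounting (added example, not the project's Solidity).
// Constructed values: HUNDRED_PC scale, rates and amounts. `guardBurn` is hypothetical.
const HUNDRED_PC = 100000n;

class VaultModel {
  constructor({ collateralValue, minted, collateralRate, burnFeeRate, guardBurn }) {
    Object.assign(this, { collateralValue, minted, collateralRate, burnFeeRate, guardBurn });
    this.liquidated = false;
  }
  // Largest debt the current collateral supports (assumed formula, integer division).
  maxMintable() {
    return (this.collateralValue * HUNDRED_PC) / this.collateralRate;
  }
  undercollateralised() {
    return this.minted > this.maxMintable();
  }
  // Mirrors burn(): ifMinted check, fee computed on the amount, minted reduced.
  burn(amount) {
    if (this.minted < amount) throw new Error("burn exceeds minted");
    if (this.guardBurn && this.undercollateralised()) {
      throw new Error("burn blocked: vault undercollateralised"); // recommended check
    }
    const fee = (amount * this.burnFeeRate) / HUNDRED_PC;
    this.minted -= amount;
    return fee;
  }
  // Liquidation only succeeds while the vault is undercollateralised.
  liquidate() {
    if (!this.undercollateralised()) return false;
    this.liquidated = true;
    this.minted = 0n;
    this.collateralValue = 0n;
    return true;
  }
}

// Burn 200 from an undercollateralised vault, then attempt liquidation.
function scenario(guardBurn) {
  const vault = new VaultModel({
    collateralValue: 1000n, minted: 1000n,
    collateralRate: 120000n, burnFeeRate: 500n, guardBurn,
  });
  const before = vault.undercollateralised();
  let fee = 0n, burnError = null;
  try { fee = vault.burn(200n); } catch (e) { burnError = e.message; }
  return { before, fee, burnError, minted: vault.minted, liquidated: vault.liquidate() };
}

console.log(scenario(false), scenario(true));
```

With the check enabled the burn is rejected and the vault stays liquidatable, which also means an undercollateralised vault cannot reduce its own debt.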

Updates

Lead Judging Commences

hrishibhat Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

access-control

hrishibhat Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Design choice
