The Standard

Summary

Due to the high gas costs incurred by the LiquidationPoolManager.runLiquidation(), liquidations of uncollaterized vaults of small collateral value will cost more gas than the rewards received by the caller. Therefore liquidators have no incentive to do so.

Vulnerability Details

In order for a SmartVaultV3 to be liquidated, LiquidationPoolManager.runLiquidation() needs to be called. Durings its execution it will remove the collateral from the target vault, distribute fees, and call LiquidationPool.distributeAssets() to do the actual distribution of the collateral tokens to the multiple stakers (also called holders) in the liquidation pool. As a consequence it uses lots of gas. For example, for a liquidation pool with 2 accepetd tokens and just 50 stakers (reasonable, but small number), the costs to call LiquidationPoolManager.runLiquidation() would surpass 12M gas.

Based on 08-Jan-2024 average gas costs per chain this would cost to the runLiquidation() caller the following amounts:

Now consider that during the above liquidation, the rewards from the vault collateral are distributed equally between all stakers (they all have equal stake) and ignoring protocol fees, for this liquidation be profitable for a single staker the total collateral value of the vault would have to be the following:

As we can see, even on L2 with their low gas costs, under the specific scenario above the vaults would have to hold more than $185 for the liquidations to be proftable for the caller. As a consequence, there is no incetive for vaults with small amounts of collateral to be liquidated.

Impact

Vaults with small amount of collateral have no incentive to be liquidated.

Tools Used

Manual Review

Recommended Mitigation

Consider only allowing EURO to be minted when the total collateral value from that vault surpass some specific threshold. Calculate this threshold based on the expected cost to call runLiquidation.