The Standard

DeFi, Hardhat
20,000 USDC
Submission Details
Severity: high
Valid

The distributeAssets() function of the LiquidationPool.sol contract lacks access control.

Summary

The distributeAssets() function of the LiquidationPool.sol contract lacks access control: it is external, carries no caller check, and pulls assets from the manager contract rather than from the caller, so any address can trigger a distribution with attacker-chosen parameters.

Vulnerability Details

The distributeAssets() function of the LiquidationPool.sol contract is external and has no access-control modifier, so anyone can call it with arbitrary _assets, _collateralRate and _hundredPC values:

    function distributeAssets(
        ILiquidationPoolManager.Asset[] memory _assets,
        uint256 _collateralRate,
        uint256 _hundredPC
    ) external payable {
        ...

The attacker bears no cost beyond gas, because every asset portion is transferred from the manager contract, not from the caller:

        ...
        } else {
            IERC20(asset.token.addr).safeTransferFrom(manager, address(this), _portion);
        }

Impact

costInEuros, the amount of EUROs deducted from each staker's position, scales with _hundredPC and inversely with _collateralRate. An attacker can therefore pass a very low _collateralRate and a very high _hundredPC to inflate costInEuros far beyond the real value of the distributed collateral. The cap below does not protect the staker: when the inflated cost exceeds _position.EUROs, the portion is scaled down and the staker's entire EUROs balance is consumed in exchange for a fraction of the collateral, forcibly liquidating the position and causing a loss of funds for the staker.

    uint256 costInEuros = _portion * 10 ** (18 - asset.token.dec) * uint256(assetPriceUsd)
        / uint256(priceEurUsd) * _hundredPC / _collateralRate;
    if (costInEuros > _position.EUROs) {
        _portion = _portion * _position.EUROs / costInEuros;
        costInEuros = _position.EUROs;
    }
    _position.EUROs -= costInEuros;

Tools Used

Manual Analysis

Recommendations

Add an onlyManager modifier to distributeAssets() so that only the LiquidationPoolManager contract (the manager address the function already pulls assets from) can call it. If LiquidationPool.sol does not already define such a modifier, add one that requires msg.sender == manager.

    function distributeAssets(
        ILiquidationPoolManager.Asset[] memory _assets,
        uint256 _collateralRate,
        uint256 _hundredPC
    ) external payable onlyManager {
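The following is an added, self-contained illustration written for this page; it is not The Standard's LiquidationPool.sol. It puts the finding's cost formula next to the hardened distributeAssets() from the Recommendations section so the two points above (the parameter inflation in the Impact section and the onlyManager fix) can be read in one place. Oracle feeds are replaced by constructor prices, stakes by a single mapping, and the names IERC20Like, LiquidationPoolExample, holders, stake(), _distribute() and the onlyManager modifier itself are assumptions for illustration only.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Added example, not The Standard's code. Everything except the cost formula
// and the distributeAssets() signature is an assumption made for illustration.
interface IERC20Like {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

contract LiquidationPoolExample {
    struct Token { address addr; uint8 dec; }
    struct Asset { Token token; uint256 amount; }
    struct Position { uint256 EUROs; }

    address public immutable manager;      // assumed: the LiquidationPoolManager address
    uint256 public immutable assetPriceUsd; // assumed: 8-decimal USD price of the collateral
    uint256 public immutable priceEurUsd;   // assumed: 8-decimal USD price of one EUR

    address[] public holders;
    mapping(address => Position) public positions;
    uint256 public totalStaked;

    // The fix: distribution can only be triggered by the manager contract.
    modifier onlyManager() {
        require(msg.sender == manager, "LiquidationPool: caller is not the manager");
        _;
    }

    constructor(address _manager, uint256 _assetPriceUsd, uint256 _priceEurUsd) {
        manager = _manager;
        assetPriceUsd = _assetPriceUsd;
        priceEurUsd = _priceEurUsd;
    }

    // Simplified staking so the example has positions to distribute against.
    function stake(uint256 amount) external {
        if (positions[msg.sender].EUROs == 0) holders.push(msg.sender);
        positions[msg.sender].EUROs += amount;
        totalStaked += amount;
    }

    // The finding's cost formula in isolation: cost grows with _hundredPC and
    // shrinks with _collateralRate, so an attacker-chosen pair inflates it freely.
    function costInEuros(
        uint256 _portion, uint8 dec, uint256 _hundredPC, uint256 _collateralRate
    ) public view returns (uint256) {
        return _portion * 10 ** (18 - dec) * assetPriceUsd / priceEurUsd * _hundredPC / _collateralRate;
    }

    // Hardened entry point: the onlyManager modifier is the only change relative
    // to the vulnerable signature quoted in the finding.
    function distributeAssets(
        Asset[] memory _assets,
        uint256 _collateralRate,
        uint256 _hundredPC
    ) external payable onlyManager {
        _distribute(_assets, _collateralRate, _hundredPC);
    }

    function _distribute(Asset[] memory _assets, uint256 _collateralRate, uint256 _hundredPC) internal {
        require(_collateralRate > 0, "LiquidationPool: zero collateral rate");
        uint256 stakedSnapshot = totalStaked; // shares are computed against the pre-distribution total
        for (uint256 i = 0; i < _assets.length; i++) {
            Asset memory asset = _assets[i];
            if (asset.amount == 0) continue;
            for (uint256 j = 0; j < holders.length; j++) {
                Position storage pos = positions[holders[j]];
                if (pos.EUROs == 0) continue;
                uint256 _portion = asset.amount * pos.EUROs / stakedSnapshot;
                uint256 cost = costInEuros(_portion, asset.token.dec, _hundredPC, _collateralRate);
                // Same cap as the finding. With an inflated cost this branch hands the
                // staker a sliver of collateral and wipes their whole EUROs balance.
                if (cost > pos.EUROs) {
                    _portion = _portion * pos.EUROs / cost;
                    cost = pos.EUROs;
                }
                pos.EUROs -= cost;
                totalStaked -= cost;
                // Assets are pulled from the manager, never from msg.sender.
                require(
                    IERC20Like(asset.token.addr).transferFrom(manager, address(this), _portion),
                    "LiquidationPool: transfer failed"
                );
            }
        }
    }
}
```

With constructed prices of 2000e8 for the collateral asset and 110e6 for EUR/USD, one 18-decimal token distributed under the honest-looking parameters _hundredPC = 100_000 and _collateralRate = 110_000 costs a staker roughly 1653 EUROs. The same portion under _hundredPC = 1e30 and _collateralRate = 1 yields a cost of about 1.8e51, which exceeds any stake, so the cap branch scales the portion down to almost nothing and deducts the staker's entire balance; the only thing preventing that call in the hardened version is the onlyManager check.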
Updates

Lead Judging Commences

hrishibhat Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

distributeAssets-issue
