The Standard
The Standard
DeFiHardhat
20,000 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

Interger underflow in `returnUnpurchasedNative()` causing distributeAssets to revert which could potentially cause the overall `runLiquidation` to fail

turvec

Summary

unsafe substraction operation in L99 could cause distributeAssets execution to revert

Vulnerability Details

The LiquidationPool::distributeAssets() function is called by the LiquidationPoolManager in the runLiquidation function call, in this distributeAssets() there is a call to the LiquidationPool::returnUnpurchasedNative() function passing in the total native portion accumulated for ALL holders. However, this total value is substracted from the _assets[i].amount of a NATIVE assset assuming _assets[i].amount will always be lesser than the total value of native portion accumulated for ALL holders.

if (_assets[i].token.addr == address(0) && _assets[i].token.symbol != bytes32(0)) {
(bool _sent,) = manager.call{value: _assets[i].amount - _nativePurchased}(""); // @note
require(_sent);
}

Impact

This would cause distributeAssets to revert which also causes the overall LiquidationPoolManager::runLiquidation to fail

Tools Used

Visual Studio Code

Recommendations

add check

if(_assets[i].amount > _nativePurchased)
Updates

Lead Judging Commences

hrishibhat Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

informational/invalid

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.