Precision loss in `LiquidationPool::distributeAssets` could result in rewards not being paid to stakers with small EURO balances
Description
LiquidationPool::distributeAssets is called when liquidating a vault. If the value of asset.amount * _positionStake is less than stakeTotal and of the same or smaller order of magnitude, _portion will round down to zero.
The portion per staker is calculated using the following calculation:
For a collateral token with only a few decimals, this could cause small stakers not to receive rewards for small liquidations.
Since the entire pool could be large, with both TST and EURO balances contributing to the stake total sum, a single staker could be proportionally small despite having staked a significant amount of EURO. Furthermore, given the vault debt is reset to zero after liquidation, it could be the case that the loan is considered liquidated without being fully repaid.
Impact
Proportionally small stakers will receive no liquidation rewards. In some instances, if the liquidation value is sufficiently small or the total staked is sufficiently large, potentially very few holders will receive rewards, but the "liquidated" vault will cause the protocol to accrue bad debt. Therefore, this is a medium-severity finding.
Proof of Concept
Consider a low-decimal token such as GUSD which could later be added as accepted collateral and only has two decimals of precision:
This can also be demonstrated for WBTC which is currently listed as an accepted collateral and has eight decimals of precision:
Recommended Mitigation
Modify the liquidation portion calculations to work on values already scaled up to 18 decimals of precision.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.