Dangling approvals in `LiquidationPoolManager::runLiquidation` and insufficient access control in `LiquidationPool::distributeAssets` could be abused to steal accumulated fees
Description
If a vault is not fully liquidated by the call to LiquidationPool::distributeAssets within LiquidationPoolManager::runLiquidation, it is possible for the LiquidationPoolManager contract to have dangling approvals. The lack of access control on LiquidationPool::distributeAssets means it is possible for any arbitrary caller to spend these approvals, distributing the tokens held by this contract between holders instead of the protocol treasury.
Swap fees are transferred directly to the protocol treasury, so it is unlikely that this contract will hold non-zero collateral token balances, but approvals should nonetheless be reset to zero after the distribution of assets by the LiquidationPool so as to avoid the issue of dangling approvals when running partial liquidations. Accumulated EURO fees are likely relatively small given that LiquidationPool::distributeFees is called on each invocation of LiquidationPoolManager::runLiquidation, and in any case, there will not be any dangling approvals for this token unless it is added as a collateral token in the future (which is not recommended).
Impact
Tokens could be erroneously distributed to stakers, although with low likelihood, so this issue is of low severity.
Recommended Mitigation
Add appropriate access control to LiquidationPool::distributeAssets and consider resetting approvals to zero after assets have been distributed.
Lead Judging Commences
distributeAssets-issue
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.