The Standard
The Standard
DeFiHardhat
20,000 USDC
View results
Previous Next
Submission Details
Severity: high
Invalid

A user can call the "burn" function after being undercollateralized and withdraw collateral

sabit

Summary

A user can call the "burn" function after being undercollateralized and withdraw collateral.

Vulnerability Details

The SmartVault contract uses a manual method of liquidating an undercollateralized vault. If the "liquidate" function is not called, a malicious user can still call the "burn" function and withdraw his collateral by calling the removeCollateral or removeCollaterNative or removeAsset.

The burn function doesn't check if a user is undercollateralized when the "burn" function is called. The function only checked if amount to be burnt is within the minted amount.

In a situation where a user is undercollateralized and the liquidate function hasn't been called, a malicious user can:

  • Call the burn function to burn minted amount

  • Call removeCollaterNative or removeCollateral or removeAsset - depending on the deposited asset.

And walk away despite being undercollateralized.

Impact

This can run down the protocol financial wise.

Tools Used

Manual review

Recommendations

The "burn" function should check if a user is undercollateralized

Updates

Lead Judging Commences

hrishibhat Lead Judge almost 2 years ago
Submission Judgement Published
Validated
Assigned finding tags:

access-control

hrishibhat Lead Judge
over 1 year ago
hrishibhat Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Design choice
patrickalphac Auditor
over 1 year ago

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.