The Standard
The Standard
DeFiHardhat
20,000 USDC
View results
Previous Next
Submission Details
Severity: medium
Invalid

Absence of any buffer for collateralization ratio can lead to liquidations immediately after a borrow

carrotsmuggler

Summary

The contract checks whether a vault is liquidatable by calling the isLiquidatable() function. This functions checks the current minted amount against the maximum amount mintable as shown below.

function undercollateralised() public view returns (bool) {
return minted > maxMintable();
}

The issue is that the user can mint all the way upto the maxMintable() amount themselves. So a user can get liquidated immediately after a borrow, with no buffer. Other lending protocols have separate mint limits and liqudiation limits, allowing a buffer for the price to fluctuate a bit.

Vulnerability Details

Due to no implemented buffer, users can get liquidated immediately after a borrow due to very small price fluctuations.

Impact

Users can face unexpected liquidations

Tools Used

Manual Review

Recommendations

Have a separate liquidation limit. Alow users to mint upto maxMintable, but only allow liquidation if the collateralization ratio is below a lower threshold.

Updates

Lead Judging Commences

hrishibhat Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

canRemoveCollateral

tripathi Auditor
over 1 year ago
hrishibhat Lead Judge
over 1 year ago
hrishibhat Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Design choice

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.