Submission Details
Severity:
If accepted token in vault is paused, vault can not be liquidated
Summary
If vault have accepted token that is pausable, vault can't be liquidated due to revert on transfer
Vulnerability Details
When a vault is under-collateralised, anyone can call liquidation to liquidate that vault. In that case, all token will be transfered:
function liquidate() external onlyVaultManager {
require(undercollateralised(), "err-not-liquidatable");
liquidated = true;
minted = 0;
liquidateNative();
ITokenManager.Token[] memory tokens = getTokenManager().getAcceptedTokens();
for (uint256 i = 0; i < tokens.length; i++) {
if (tokens[i].symbol != NATIVE) liquidateERC20(IERC20(tokens[i].addr)); // <------
}
}
function liquidateERC20(IERC20 _token) private {
if (_token.balanceOf(address(this)) != 0) _token.safeTransfer(ISmartVaultManagerV3(manager).protocol(), _token.balanceOf(address(this))); // <-----
}
If accepted token in the vault is pausable, like USDC, is paused, all transfer will be reverted, and vault won't be liquidated even it is under-collateralised.
Impact
User can avoid being liquidated unfairly
Tools Used
Manual review
Recommendations
Skip transfer if token failed to transfer, and do not allow vault owner transfer asset that accepted after liquidation
Updates
Lead Judging Commences
0x996
almost 2 years ago
anjalit
almost 2 years ago
hrishibhat
almost 2 years ago
hrishibhat almost 2 years ago
Submission Judgement Published Reason: Non-acceptable severity
Assigned finding tags:
token-pause
Prize pool breakdown
Total prize
20,000 USDC
nSLOC
60933
USDC / LOC
17,500 USDC
2,500 USDC
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.