LiquidationPoolManager.runLiquidation may revert for some tokens
Summary
LiquidationPoolManager.runLiquidation may revert for some tokens.
Vulnerability Details
When LiquidationPoolManager.runLiquidation is called, then it will liquidate some vault and liquidated collateral will be sent to the LiquidationPoolManager contract. Then function loops through all assets and calculates amount that it has. Then it approves those tokens to the pool.
When LiquidationPool(pool).distributeAssets is called, then all approved tokens are trying to be sold for the pool stakes holders. Portion by portion those assets are sent to the holders. But it is possible that not whole amount will buyed by pool. That's why we have forwardRemainingRewards call to send those tokens to the treasury.
In case if not whole amount was bought, then it means that not whole allowance was used. Also it means that when next time approve will be called for some tokens like USDT, then it will revert, because previous allowance was not fully used. As result function will stop working for USDT and liquidations will fail which will create bad debt.
Impact
Liquidation will stop working.
Tools Used
VsCode
Recommendations
Reset allowance to 0 before next approve.
Lead Judging Commences
pool-approval
informational/invalid
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.