The Standard

DeFiHardhat
20,000 USDC
Submission Details
Severity: high
Invalid

`LiquidationPool::distributeAssets()` can deduct EUROs even if `_portion` is 0

Summary

`LiquidationPool::distributeAssets()` allows users to automatically buy liquidated assets at a discounted price. If the cost of the asset exceeds the user's staked EUROs balance, the function adjusts the price and the amount of assets assigned to the user. However, because of how Solidity handles rounding (integer division truncates), the user might be deducted EUROs without getting any assets in return.

Vulnerability Details

    // LiquidationPool::distributeAssets()
    if (costInEuros > _position.EUROs) {
        _portion = _portion * _position.EUROs / costInEuros;
        costInEuros = _position.EUROs;
    }
    _position.EUROs -= costInEuros;

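If `costInEuros > _position.EUROs` holds true, `_portion` is recalculated. However, if the product `_portion * _position.EUROs` is less than `costInEuros`, the integer division truncates and `_portion` will be equal to 0, while `costInEuros` is still set to `_position.EUROs` and deducted.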

Impact

The user's EUROs will be deducted from their balance without the user receiving any rewards in return.

Tools Used

Manual review

Recommendations

To mitigate this issue, it is recommended to add a check ensuring that if `_portion == 0`, no EUROs are deducted from the staker's balance.

    // LiquidationPool::distributeAssets()
    if (costInEuros > _position.EUROs) {
        _portion = _portion * _position.EUROs / costInEuros;
        costInEuros = _position.EUROs;
        if (_portion == 0) costInEuros = 0;
    }
    _position.EUROs -= costInEuros;
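
The truncation and the recommended guard can be checked with a small model of the branch. This is an added example, not code from the submission or from the project: Python's `//` on non-negative integers truncates like Solidity's unsigned division, and the function names `settle` and `rounds_to_zero` and all sample values are constructed for illustration.

```python
"""Model of the partial-fill branch in LiquidationPool::distributeAssets().

Assumes all values fit in uint256, so Python's unbounded ints and `//`
behave like Solidity's unsigned arithmetic. Names and numbers are constructed.
"""


def settle(portion, cost_in_euros, staked_euros, guard=False):
    """Return (asset_portion_received, euros_deducted) for one staker.

    guard=False mirrors the snippet in the finding; guard=True adds the
    recommended `if (_portion == 0) costInEuros = 0;` line.
    """
    if cost_in_euros > staked_euros:
        # Scale the asset share down to what the stake can pay for.
        portion = portion * staked_euros // cost_in_euros  # truncates toward 0
        cost_in_euros = staked_euros
        if guard and portion == 0:
            cost_in_euros = 0
    return portion, cost_in_euros


def rounds_to_zero(portion, cost_in_euros, staked_euros):
    """True when the scaled portion truncates to 0 while EUROs are staked.

    floor(portion * staked / cost) == 0 exactly when portion * staked < cost,
    i.e. the stake is smaller than the price of one smallest asset unit.
    """
    return (cost_in_euros > staked_euros > 0
            and portion * staked_euros < cost_in_euros)


# Constructed sample: 5 smallest units of an asset costing 3 * 10**18 EUROs
# units in total; the staker holds 5 * 10**17 EUROs units.
PORTION, COST, STAKE = 5, 3 * 10**18, 5 * 10**17

if __name__ == "__main__":
    for guard in (False, True):
        got, paid = settle(PORTION, COST, STAKE, guard)
        print(f"guard={guard}: portion={got} deducted={paid}")
```
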
Updates

Lead Judging Commences

hrishibhat Lead Judge almost 2 years ago
Submission Judgement Published
Validated
Assigned finding tags:

precision

hrishibhat Lead Judge almost 2 years ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
