The Standard

DeFi, Hardhat
20,000 USDC
Submission Details
Severity: low
Invalid

Unrestricted inputs triggering unfair asset liquidation

Summary

A significant vulnerability exists in the LiquidationPool contract, specifically in the decreasePosition function.
The function does not validate the user-supplied amounts, which allows the call to be used to manipulate positions and cause unintended asset liquidation.

Vulnerability Details

The decreasePosition function accepts arbitrary values for _tstVal and _eurosVal without adequate validation.
Before any amount check is performed, every call invokes distributeFees on the ILiquidationPoolManager, which increases every position.
A user can therefore call the function repeatedly with zero or minimal values for _tstVal and _eurosVal, triggering fee distribution on each call without justification and accumulating positions.

    function decreasePosition(uint256 _tstVal, uint256 _eurosVal) external {
        consolidatePendingStakes();
        // --> fee distribution runs on every call, even when both amounts are zero
        ILiquidationPoolManager(manager).distributeFees();
        require(_tstVal <= positions[msg.sender].TST && _eurosVal <= positions[msg.sender].EUROs, "invalid-decr-amount");
        if (_tstVal > 0) {
            IERC20(TST).safeTransfer(msg.sender, _tstVal);
            positions[msg.sender].TST -= _tstVal;
        }
        if (_eurosVal > 0) {
            IERC20(EUROs).safeTransfer(msg.sender, _eurosVal);
            positions[msg.sender].EUROs -= _eurosVal;
        }
        if (empty(positions[msg.sender])) deletePosition(positions[msg.sender]);
    }

Impact

The flaw can lead to an unfair and disproportionate increase in positions.

Tools Used

Manual Review

Recommendations

Implement strict validation checks on _tstVal and _eurosVal within the decreasePosition function to prevent arbitrary inputs.
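One way to apply that recommendation, as an added example that is not the project's own code: a minimal pool contract whose decreasePosition rejects zero-valued calls and callers with no position before reaching distributeFees, so the external call cannot be triggered by an empty withdrawal. The interfaces, the HardenedPoolExample name and the no-op consolidatePendingStakes are stand-ins for the project's own; balances are also updated before tokens are transferred.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical minimal interfaces standing in for the project's own types.
interface IERC20Like { function transfer(address to, uint256 amount) external returns (bool); }
interface ILiquidationPoolManagerLike { function distributeFees() external; }

contract HardenedPoolExample {
    struct Position { uint256 TST; uint256 EUROs; }
    mapping(address => Position) public positions;
    address public immutable TST;
    address public immutable EUROs;
    address public immutable manager;

    constructor(address _tst, address _euros, address _manager) {
        TST = _tst; EUROs = _euros; manager = _manager;
    }

    // Stand-in for the project's consolidatePendingStakes; a no-op here.
    function consolidatePendingStakes() internal {}

    function decreasePosition(uint256 _tstVal, uint256 _eurosVal) external {
        // Added check 1: a call that withdraws nothing has no purpose other than
        // triggering distributeFees(), so reject it before any external call.
        require(_tstVal > 0 || _eurosVal > 0, "zero-decr-amount");
        // Added check 2: only existing stakers may reach fee distribution.
        Position storage p = positions[msg.sender];
        require(p.TST > 0 || p.EUROs > 0, "no-position");

        consolidatePendingStakes();
        ILiquidationPoolManagerLike(manager).distributeFees();

        // Original bounds check, kept after distribution so a staker can also
        // withdraw the share just credited to the position.
        require(_tstVal <= p.TST && _eurosVal <= p.EUROs, "invalid-decr-amount");

        // Effects before interactions: update accounting, then transfer.
        if (_tstVal > 0) {
            p.TST -= _tstVal;
            require(IERC20Like(TST).transfer(msg.sender, _tstVal), "tst-transfer-failed");
        }
        if (_eurosVal > 0) {
            p.EUROs -= _eurosVal;
            require(IERC20Like(EUROs).transfer(msg.sender, _eurosVal), "euros-transfer-failed");
        }
        if (p.TST == 0 && p.EUROs == 0) delete positions[msg.sender];
    }
}
```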

Updates

Lead Judging Commences

hrishibhat (Lead Judge), almost 2 years ago
Submission Judgement Published
Invalidated
Reason: Design choice
Assigned finding tags:

informational/invalid
