The Standard
The Standard
DeFiHardhat
20,000 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

If underlying collateral token is pausable, undercollateralised vaults can't be liquidated

djxploit

Summary

As more tokens are going to be included in accepted tokens array, so tokens like USDC may also get included. The risk with that is that the protocol doesn't support pausable tokens like USDC.

When a user submits pausable tokens like USDC as collateral to the vaults, then if the USDC token is paused, and the vault gets undercollateralised, then liquidator can't liquidate the vault as the USDC contract is paused, which will make the safeTransfer function in liquidateERC20 to revert.

Vulnerability Details

In function liquidateERC20,

function liquidateERC20(IERC20 _token) private {
if (_token.balanceOf(address(this)) != 0) _token.safeTransfer(ISmartVaultManagerV3(manager).protocol(), _token.balanceOf(address(this)));
}

the saferTransfer will revert , if the underlying token is paused (which can happen in tokens like USDC). This will block the liquidator from liquidating the vault even if it is undercollateralised.

Impact

Liquidator will not be able to liquidate undercollateralised vaults.

Tools Used

Manual review

Recommendations

Create a different liquidate function to handle vaults with pausable token as collateral.

Updates

Lead Judging Commences

hrishibhat Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

token-pause

hrishibhat Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

token-pause

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.