Smart Vault NFTs can be transferred even after being liquidated
Summary
Since Smart Vault NFTs are expected to be sold on secondary markets, it is conceivable to assume some will be sold in auctions. This auction will finalize even if in the meantime the vault has been liquidated and lost its value.
Vulnerability Details
Users can participate in bidding auctions for a vault, while the vault can be liquidated in the mean time.
Unwanted scenario:
User lists Smart Vault NFT for an auction on secondary market.
Someone bids an amount for the NFT
Smart vault NFT gets liquidated in the meantime.
Auction finalizes, NFT is transferred to highest bidder and the user gets the highest bid amount transferred to him.
While this can be described as something as a risk that the bidders need to accept (vaults' value being changed due to market conditions), I believe it to be a bad protocol design choice since it is definitely not wanted by the protocol designers to have liquidated vaults being transferred around because, as described here, it can be used for malicious acts.
Impact
Users lose funds paid for smart vault nfts and are left with liquidated vaults.
Tools Used
Manual review
Recommendations
Disable transfers on liquidated vaults
Lead Judging Commences
informational/invalid
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.