The Standard

DeFi, Hardhat
20,000 USDC
Submission Details
Severity: low
Valid

Disallowing an accepted token will lead stakers to lose funds

Summary

When an accepted token is removed (disallowed), every smart vault that uses that token as collateral immediately becomes undercollateralised, and stakers lose the collateral they would otherwise receive from liquidating those vaults.

Vulnerability Details

A user can deposit any token into a smart vault. If the token is an accepted collateral token, the user can mint against it; if it is not, the user can withdraw it with the removeAsset function. But if an accepted token is later removed (disallowed), every vault using that token as collateral becomes undercollateralised, and when such a vault is liquidated the token is not transferred to the pool because it is no longer an accepted token. The user can then still withdraw that token with the removeAsset function.

How this works:

  1. The user deposits 1000 USDT (for example)

  2. The user mints 500 euros against it

  3. The owner removes USDT as an accepted collateral token

  4. The vault becomes undercollateralised and is liquidated

  5. Now the user can call removeAsset to withdraw the deposited USDT

// Here is the PoC (a Hardhat test; TokenManager, Vault and user are assumed to be
// set up in the test file's beforeEach, as in the project's test suite)

it("Disallowing token leads loss of funds", async () => {
  // Using Tether as a collateral for testing
  const Tether = await (
    await ethers.getContractFactory("ERC20Mock")
  ).deploy("Tether", "USDT", 6);
  const USDTBytes = ethers.utils.formatBytes32String("USDT");
  // Chainlink mock pricing USDT at exactly 1 USD (8 decimals)
  const clUsdUsdPrice = 100000000;
  const ClUsdUsd = await (
    await ethers.getContractFactory("ChainlinkMock")
  ).deploy("USD / USD");
  await ClUsdUsd.setPrice(clUsdUsdPrice);
  await TokenManager.addAcceptedToken(Tether.address, ClUsdUsd.address);
  // Depositing 1000 USDT (6 decimals) as collateral
  const value = 1000000000;
  await Tether.mint(Vault.address, value);
  // Minting 500 euros against Tether
  const mint = ethers.utils.parseEther("500");
  await Vault.connect(user).mint(user.address, mint);
  expect(await Vault.undercollateralised()).to.equal(false);
  // Removing Tether as a collateral: the vault is now undercollateralised
  await TokenManager.removeAcceptedToken(USDTBytes);
  expect(await Vault.undercollateralised()).to.equal(true);
  // Removing the collateral: USDT is no longer accepted, so removeAsset lets it out
  await Vault.connect(user).removeAsset(
    Tether.address,
    value,
    user.address
  );
  expect(await Tether.balanceOf(user.address)).to.equal(value);
});

Impact

All stakers lose the collateral that should have been seized from the liquidated vaults.

Tools Used

Manual Review

Recommendations

Possible mitigations: seize the removed token from a vault when that vault is undercollateralised, or prevent removal of a token that is still in use as collateral.
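To make the five steps above and the two mitigations concrete, here is an added toy model of the vault accounting, written for this write-up and not taken from The Standard's contracts or tests. Class names (TokenManager, Vault, GuardedTokenManager), the 110% collateral rate and the 1 USDT = 1 EUR price are assumptions chosen for illustration. The weak Vault counts only accepted tokens as collateral and seizes only accepted tokens on liquidation, which reproduces the finding; the seizeAllOnLiquidation option implements the first recommendation, and GuardedTokenManager implements the second.

```javascript
// Toy model of the finding (not The Standard's code; names are assumptions).
const COLLATERAL_RATE_PERCENT = 110; // assumed minimum collateralisation

class TokenManager {
  constructor() { this.prices = new Map(); } // symbol -> constructed price in EUR per token
  addAcceptedToken(symbol, priceEur) { this.prices.set(symbol, priceEur); }
  removeAcceptedToken(symbol) { this.prices.delete(symbol); }
  isAccepted(symbol) { return this.prices.has(symbol); }
  priceOf(symbol) { return this.prices.get(symbol) ?? 0; }
}

class Vault {
  constructor(tokenManager, { seizeAllOnLiquidation = false } = {}) {
    this.tm = tokenManager;
    this.deposits = new Map(); // symbol -> token amount held by the vault
    this.minted = 0;           // euros owed by the vault owner
    this.seizeAllOnLiquidation = seizeAllOnLiquidation;
  }
  deposit(symbol, amount) { this.deposits.set(symbol, (this.deposits.get(symbol) ?? 0) + amount); }
  // Only accepted tokens count: a disallowed token is valued at 0 (the root cause).
  collateralValue() {
    let value = 0;
    for (const [symbol, amount] of this.deposits) value += amount * this.tm.priceOf(symbol);
    return value;
  }
  undercollateralised() { return this.collateralValue() * 100 < this.minted * COLLATERAL_RATE_PERCENT; }
  mint(amount) {
    this.minted += amount;
    if (this.undercollateralised()) { this.minted -= amount; throw new Error("undercollateralised"); }
  }
  // Weak behaviour seizes only accepted tokens; the hardened option seizes everything deposited.
  liquidate() {
    if (!this.undercollateralised()) throw new Error("vault is not undercollateralised");
    const seized = new Map();
    for (const [symbol, amount] of this.deposits) {
      if (this.seizeAllOnLiquidation || this.tm.isAccepted(symbol)) {
        seized.set(symbol, amount);
        this.deposits.delete(symbol);
      }
    }
    this.minted = 0; // debt written off against the seized collateral in this toy model
    return seized;
  }
  // Accepted tokens may leave only while the vault stays collateralised;
  // a non-accepted token can always be withdrawn, even after liquidation.
  removeAsset(symbol, amount) {
    const held = this.deposits.get(symbol) ?? 0;
    if (amount > held) throw new Error("insufficient balance");
    this.deposits.set(symbol, held - amount);
    if (this.tm.isAccepted(symbol) && this.undercollateralised()) {
      this.deposits.set(symbol, held); // roll back
      throw new Error("withdrawal would undercollateralise the vault");
    }
    return amount;
  }
}

// Second recommendation: refuse to disallow a token while any registered vault depends on it.
class GuardedTokenManager extends TokenManager {
  constructor() { super(); this.vaults = []; }
  register(vault) { this.vaults.push(vault); }
  removeAcceptedToken(symbol) {
    const price = this.prices.get(symbol);
    super.removeAcceptedToken(symbol);
    if (this.vaults.some((vault) => vault.undercollateralised())) {
      this.prices.set(symbol, price); // roll back the removal
      throw new Error(`cannot remove ${symbol}: a vault would become undercollateralised`);
    }
  }
}

// Replays the finding's five steps and reports where the 1000 USDT ends up.
function runScenario({ seizeAll = false, guarded = false } = {}) {
  const tm = guarded ? new GuardedTokenManager() : new TokenManager();
  const vault = new Vault(tm, { seizeAllOnLiquidation: seizeAll });
  if (guarded) tm.register(vault);
  tm.addAcceptedToken("USDT", 1); // constructed: 1 USDT = 1 EUR
  vault.deposit("USDT", 1000);     // step 1
  vault.mint(500);                 // step 2
  let removalBlocked = false;
  try { tm.removeAcceptedToken("USDT"); } catch { removalBlocked = true; } // step 3
  if (removalBlocked) return { removalBlocked, seizedByPool: 0, recoveredByUser: 0 };
  const seized = vault.liquidate(); // step 4
  let recoveredByUser = 0;
  try { recoveredByUser = vault.removeAsset("USDT", 1000); } catch { /* nothing left */ } // step 5
  return { removalBlocked, seizedByPool: seized.get("USDT") ?? 0, recoveredByUser };
}

console.log("weak:", runScenario());
console.log("seize all on liquidation:", runScenario({ seizeAll: true }));
console.log("guarded removal:", runScenario({ guarded: true }));
```

In the weak configuration the pool seizes nothing and the user recovers the full 1000 USDT after liquidation; with seizeAllOnLiquidation the pool receives the 1000 USDT, and with the guarded manager the removal itself is rejected while the vault still depends on the token. Which mitigation fits depends on whether the protocol wants to be able to disallow a token that is still in use at all.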

Updates

Lead Judging Commences

hrishibhat Lead Judge almost 2 years ago
Submission Judgement Published
Validated
Assigned finding tags:

remove-token

hrishibhat Lead Judge almost 2 years ago
Submission Judgement Published
Validated
Assigned finding tags:

removetoken-low
