The Standard

DeFi, Hardhat
20,000 USDC
Submission Details
Severity: low
Invalid

Misdirection of Liquidated Assets Causes Undercollateralization of EUROs

Description:

When vaults are liquidated, their assets are intended to be sent to the liquidator address (i.e., LiquidatorPoolManager), which manages the liquidated assets. However, the vault erroneously sends these assets to the protocol address, which is the treasury. Instances of liquidated assets being directed to the protocol instead of the liquidator are evident in the following code segments:

To clarify any doubts or confusion about the difference between the protocol and liquidator addresses, consider the following points:

Misdirection of liquidated assets leads to undercollateralization of EUROs, as assets are not immediately sold to balance the supply of EUROs. When a vault is liquidated, the collateral is sent to the protocol (treasury) instead of the liquidator (LiquidityPoolManager). As a result, this liquidated collateral is not sold immediately to buy back and burn EUROs, leading to undercollateralization of the EUROs supply.

Impact:

Sending the liquidated assets to the wrong address implies a delay between when vaults are liquidated and when their assets are actually sold to buy back and burn EUROs to balance the supply. If the price drops dramatically during this period, it could incur losses for the protocol.

Proof of Concept:

For a visual representation of the value flow in the network, see here.

Tools Used:

  • Manual review

Recommended Mitigation Steps:

Transfer assets to liquidator instead of protocol.

function liquidateERC20(IERC20 _token) private {
- if (_token.balanceOf(address(this)) != 0) _token.safeTransfer(ISmartVaultManagerV3(manager).protocol(), _token.balanceOf(address(this)));
+ if (_token.balanceOf(address(this)) != 0) _token.safeTransfer(ISmartVaultManagerV3(manager).protocol(), _token.balanceOf(address(this)));
}
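Review bot: in liquidateERC20 the removed and added lines are identical, both passing `ISmartVaultManagerV3(manager).protocol()` as the recipient, so this part of the mitigation changes nothing. Given the stated recommendation to transfer assets to the liquidator instead of the protocol, the added line should presumably use `ISmartVaultManagerV3(manager).liquidator()` as the `safeTransfer` recipient.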
function liquidateNative() private {
if (address(this).balance != 0) {
- (bool sent,) = payable(ISmartVaultManagerV3(manager).liquidator()).call{value: address(this).balance}("");
+ (bool sent,) = payable(ISmartVaultManagerV3(manager).protocol()).call{value: address(this).balance}("");
require(sent, "err-native-liquidate");
}
}
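Review bot: in liquidateNative the removed line pays `liquidator()` and the added line pays `protocol()`, which is the reverse of the recommendation "Transfer assets to liquidator instead of protocol" and of the description, which says the vault currently sends to the protocol. The `-` and `+` lines look swapped; the added line should be the one whose `call` target is `ISmartVaultManagerV3(manager).liquidator()`.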
Updates

Lead Judging Commences

hrishibhat Lead Judge almost 2 years ago
Submission Judgement Published
Invalidated
Reason: Known issue
Assigned finding tags:

informational/invalid

krisrenzo Submitter
almost 2 years ago
billobaggebilleyan Auditor
almost 2 years ago
hrishibhat Lead Judge
almost 2 years ago