Any holder with a consolidated stake can steal the entire ETH in `LiquidationPool`
Description
Any holder with a consolidated position can exploit the entire ETH (native crypto) in LiquidationPool by invoking LiquidationPool.distributeAssets
Impact
Any holder with a consolidated stake may steal the entire ETH in LiquidationPool.
POC
Alice and Bob each have a consolidated stake of (10,000 TST; 10,000 EUROS).
1 ETH is distributed at a valuation of 2000 (considering discount, current market value is 2200). Consequently, Bob and Alice's consolidated positions are updated to (10,000 TST; 9000 EUROS), with each having the right to claim 0.5 ETH.
Bob calls
LiquidationPool.distributeAssets(_assets: [{token: {symbol: NATIVE;addr: address(0);dec: 18;clAddr: chainlinkOracleETHUSD;clDec: chainlinkOracleDecimals},amount: LiquidationPool.balance()}], _collateralRate: 1,_hundredPC: 0).
Severity justification
Theft of funds
Recommended mitigation
Reimplement LiquidationPool.returnUnpurchasedNative
To determine whether to call this function or not, a flag can be set to true in distributeAssets if any asset is the native asset.
Also, for every asset, check that it is not native. If it is, then calculate the portion based on msg.value.
Lead Judging Commences
distributeAssets-issue
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.