The Standard
The Standard
DeFiHardhat
20,000 USDC
View results
Previous Next
Submission Details
Severity: medium
Invalid

If `LiquidaitonPoolManager.protocol` is blacklisted from a token in `TokenManager` token, then no vault can be liquidated

carlitox477

Description

If a token gets blacklisted from LiquidaitonPoolManager.protocol, which is an immutable variable, it can lead to a scenario where no vaults are liquidatable until the token is also blacklisted from TokenManager. Blacklisting a token from the token manager would signify that it's no longer considered as collateral, potentially triggering extensive liquidations.

Impact

Possibility of DOS through liquidations if at least one whitelisted token blacklists LiquidaitonPoolManager.protocol.

Recommended mitigation

  1. Transform protocol into a normal state variable.

  2. Implement a setProtocol function to enable changing its value.

  3. In case LiquidationPoolManager.forwardRemainingRewards reverts with a specific token, throw a custom error indicating the token responsible for the revert.

An off-chain bot can monitor this error and automatically update protocol value accordingly.

Updates

Lead Judging Commences

hrishibhat Lead Judge almost 2 years ago
Submission Judgement Published
Validated
Assigned finding tags:

blacklist-dos

hrishibhat Lead Judge almost 2 years ago
Submission Judgement Published
Invalidated
Reason: Out of scope
Assigned finding tags:

blacklist-dos

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!