Moonwell

DeFiFoundry
15,000 USDC
Submission Details
Severity: high
Invalid

Lack of Access Control in repayBadDebtWithReserves() opens way for dire discrepancies.

Summary

The intended use of the repayBadDebtWithReserves() function is to decrease both bad debt and reserves in a lending protocol. It is designed to be called when there are sufficient reserves available and when there is outstanding bad debt to be addressed. By reducing bad debt and reserves simultaneously, the function helps to improve the financial health of the lending protocol and maintain its stability.

This function is meant to be invoked under controlled circumstances and thus should typically be restricted to authorized entities to ensure responsible management of the protocol's resources.
However, allowing anyone to call the repayBadDebtWithReserves() function could lead to several potential issues.

Vulnerability Details

    function repayBadDebtWithReserves() external nonReentrant {
        uint256 currentReserves = totalReserves;
        uint256 currentBadDebt = badDebt;

        require(currentReserves != 0, "reserves are zero");
        require(currentBadDebt != 0, "bad debt is zero");

        /// no reverts possible past this point

        /// take the lesser of the two, subtract it from both numbers
        uint256 subtractAmount = currentBadDebt < currentReserves
            ? currentBadDebt
            : currentReserves;

        /// bad debt -= subtract amount
        badDebt = SafeMath.sub(currentBadDebt, subtractAmount);

        /// current reserves -= subtract amount
        totalReserves = SafeMath.sub(currentReserves, subtractAmount);

        emit BadDebtRepayedWithReserves(
            badDebt,
            currentBadDebt,
            totalReserves,
            currentReserves
        );
    }

There is no access control whatsoever in this function, making it callable by anyone, including malicious entities.

Impact

  1. Misuse of Reserves: If anyone can call this function, they could potentially drain the reserves of the lending protocol, which are crucial for covering unexpected losses, managing liquidity, and maintaining stability. This could leave the protocol vulnerable in case of emergencies or large-scale liquidation events.

  2. Manipulation of Bad Debt: Allowing unrestricted access to reduce bad debt could enable malicious actors to manipulate the system by artificially reducing bad debt without legitimate cause. This could distort the financial health of the protocol and undermine its integrity.

  3. Economic Imbalance: Uncontrolled reduction of bad debt and reserves without proper oversight or justification could disrupt the economic balance within the lending protocol. It could lead to inaccurate risk assessment, misallocation of resources, and potentially unsustainable operations.

  4. Lack of Accountability: Allowing anyone to call this function removes accountability and oversight, as there are no checks or balances in place to ensure that the reduction of bad debt and reserves is done in a responsible and transparent manner.

Tools Used

Manual Review

Recommendations

To mitigate these issues, it's essential to implement proper access controls, such as permissioned roles or governance mechanisms, to restrict who can call this function. Additionally, clear guidelines and criteria should be established for when and how this function can be used to ensure responsible management of bad debt and reserves.
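
One way the recommended restriction could look, as an added example that is not Moonwell's code and not part of the original submission. It assumes a single `admin` role set at deployment, a hand-rolled reentrancy guard, Solidity 0.8 checked arithmetic in place of SafeMath, and constructed event parameter names.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

/// Added illustration: a minimal stand-in for the market's accounting.
contract BadDebtAccounting {
    address public admin;          // assumption: one privileged role, set at deployment
    uint256 public totalReserves;
    uint256 public badDebt;
    bool private locked;           // stand-in for the nonReentrant guard

    // Parameter names are constructed; the argument order follows the snippet above.
    event BadDebtRepayedWithReserves(
        uint256 newBadDebt, uint256 previousBadDebt,
        uint256 newReserves, uint256 previousReserves
    );

    error Unauthorized(address caller);

    constructor(uint256 initialReserves, uint256 initialBadDebt) {
        admin = msg.sender;
        totalReserves = initialReserves;
        badDebt = initialBadDebt;
    }

    /// Rejects every caller except the configured admin.
    modifier onlyAdmin() {
        if (msg.sender != admin) revert Unauthorized(msg.sender);
        _;
    }

    modifier nonReentrant() {
        require(!locked, "re-entered");
        locked = true;
        _;
        locked = false;
    }

    /// Same accounting as the snippet above, callable only by the admin.
    function repayBadDebtWithReserves() external onlyAdmin nonReentrant {
        uint256 currentReserves = totalReserves;
        uint256 currentBadDebt = badDebt;
        require(currentReserves != 0, "reserves are zero");
        require(currentBadDebt != 0, "bad debt is zero");
        // Subtract the lesser of the two from both, so neither can underflow.
        uint256 subtractAmount = currentBadDebt < currentReserves ? currentBadDebt : currentReserves;
        badDebt = currentBadDebt - subtractAmount;
        totalReserves = currentReserves - subtractAmount;
        emit BadDebtRepayedWithReserves(badDebt, currentBadDebt, totalReserves, currentReserves);
    }
}
```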

Updates

Lead Judging Commences

0xnevi Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Other
