Moonwell

DeFiFoundry
15,000 USDC
Submission Details
Severity: low
Invalid

The whole transaction would revert if a single user from the list repays his borrows

Summary

Vulnerability Details

The protocol uses a script to upgrade the mFrax and mxcDOT tokens to a new implementation that introduces the fixUser function. The function checks whether a user has bad debt and zeroes it out. If the user has no bad debt, the call reverts.

The script mip-m17.sol adds operations to the transaction, including a fixUser call for each user with bad debt taken from a predetermined list. The problem is that if any listed user repays his bad debt before the transaction is executed, the call for that user reverts, which reverts the whole transaction and wastes the gas spent so far.

The protocol devs would have to remove the user from the JSON that holds the bad-debt addresses and re-execute the transaction, which would cost up to 6 mil gas. At 100 Gwei per gas that is 0.6 ETH, around $2500 -> https://gascalculator.xyz/

Impact

Low impact, as a user has no incentive to repay his bad debt, but it is NOT impossible.

Tools Used

Manual Review

Recommendations

In MErc20DelegateFixer::fixUser, return instead of reverting if the user has no bad debt. A single already-repaid user would then be skipped rather than reverting the whole transaction.

...
require(liquidator != user, "liquidator cannot be user");
require(accrueInterest() == 0, "accrue interest failed");
/// @dev fetch user's current borrow balance, first updating interest index
uint256 principal = borrowBalanceStored(user);
- require(principal != 0, "cannot liquidate user without borrows");
+ if (principal != 0) {
+ return;
+ }
/// user effects
...
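Review bot: the condition on the added `+ if (principal != 0) {` line is inverted relative to the recommendation stated above it. Returning when `principal != 0` skips exactly the users who still have bad debt and falls through to the user effects for those who have none, so the proposed change would make the fix a no-op for every real entry in the list. The guard should read `if (principal == 0) { return; }` so that only users with nothing to fix are skipped.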
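To make the recommendation concrete, here is an added, self-contained Solidity sketch. It is not Moonwell's code: the contract, its storage layout, the setPrincipal seeding helper and the fixUsers batch driver are hypothetical stand-ins for MErc20DelegateFixer and the mip-m17 operation list, assumed only for this example. It shows the reverting variant the report describes next to the early-return variant, with the guard written as `p == 0` so that only users with nothing to fix are skipped.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Hypothetical, simplified stand-in for MErc20DelegateFixer (example code,
/// not Moonwell's). Storage and all functions other than fixUser are assumptions.
contract BadDebtFixerExample {
    // Assumed: stored borrow principal per user, standing in for borrowBalanceStored.
    mapping(address => uint256) public principal;
    // Assumed: running total of principal zeroed out by fixUser.
    uint256 public totalFixed;

    event UserFixed(address indexed liquidator, address indexed user, uint256 amount);
    event UserSkipped(address indexed user);

    /// Seeding helper (assumption) so the example runs without a lending market.
    function setPrincipal(address user, uint256 amount) external {
        principal[user] = amount;
    }

    /// Reverting variant, as the report describes it: a user with no borrows
    /// reverts, and a batch that calls this reverts as a whole.
    function fixUserReverting(address liquidator, address user) external {
        require(liquidator != user, "liquidator cannot be user");
        uint256 p = principal[user];
        require(p != 0, "cannot liquidate user without borrows");
        _zeroOut(liquidator, user, p);
    }

    /// Recommended variant: return early when there is nothing to fix.
    /// The guard is `p == 0`; returning on `p != 0` would skip the real cases.
    function fixUser(address liquidator, address user) public {
        require(liquidator != user, "liquidator cannot be user");
        uint256 p = principal[user];
        if (p == 0) {
            emit UserSkipped(user);
            return;
        }
        _zeroOut(liquidator, user, p);
    }

    /// Batch driver standing in for the mip-m17 operation list. With the
    /// early-return variant a user who repaid before execution is skipped and
    /// the remaining users are still fixed in the same transaction.
    function fixUsers(address liquidator, address[] calldata users)
        external
        returns (uint256 fixedCount)
    {
        for (uint256 i = 0; i < users.length; i++) {
            if (principal[users[i]] != 0) {
                fixedCount++;
            }
            fixUser(liquidator, users[i]);
        }
    }

    /// User effects: zero the stored principal and record the amount.
    function _zeroOut(address liquidator, address user, uint256 p) internal {
        principal[user] = 0;
        totalFixed += p;
        emit UserFixed(liquidator, user, p);
    }
}
```

Filtering the address list off-chain before building the transaction does not close the window, because a repayment can still land between list construction and execution; placing the early return inside fixUser is what makes the batch idempotent against that race. If the protocol prefers to keep fixUser strict, the equivalent alternative is to have the batch caller read the borrow balance and skip the call itself.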
Updates

Lead Judging Commences

0xnevi Lead Judge
over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

finding-front-run-fixUser

ljj Judge
over 1 year ago
0xnevi Lead Judge
over 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
