Zaros Part 1
Zaros
DeFiFoundry
60,000 USDC
View results
Previous Next
Submission Details
Severity: high
Invalid

The `liquidateAccounts()` function always reverts for some collateral tokens

avci

Summary

The liquidateAccounts() function always reverts if a collateral token reverts on zero address transfer.

Vulnerability Details

This is a list of tokens that the protocol uses for collateral:

  • WETH

  • WEETH

  • WSTETH

  • WBTC

  • USDC

  • USDT

  • USDE

  • SUSDE

The issue is that some tokens in this list, like USDT and USDC, revert when transferring to the ZERO ADDRESS. The liquidateAccounts() function transfers order fees to the zero address, as seen in this line:

// deduct maintenance margin from the account's collateral
// settlementFee = liquidationFee
ctx.liquidatedCollateralUsdX18 = tradingAccount.deductAccountMargin({
feeRecipients: FeeRecipients.Data({
marginCollateralRecipient: globalConfiguration.marginCollateralRecipient,
orderFeeRecipient: address(0), //@audit erc20s like USDT will revert
settlementFeeRecipient: globalConfiguration.liquidationFeeRecipient
}),
pnlUsdX18: requiredMaintenanceMarginUsdX18,
orderFeeUsdX18: UD60x18_ZERO,
settlementFeeUsdX18: ctx.liquidationFeeUsdX18
});

This issue can lead to revert in liquidations in these tokens and provides risk-free trades for users because they are never liquidated due to this issue.

Impact

Liquidation will revert for some collateral tokens, providing risk-free trades for users.

Tools Used

Manual Review

Recommendations

I recommend not transferring any tokens in the liquidation process to minimize any potential risk. Instead, consider accounting for fees and implementing claim functions for receiving fees.

Updates

Lead Judging Commences

inallhonesty Lead Judge
about 1 year ago
inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.