Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: high
Invalid

StabilityPool::onlyManagerOrOwner uses the wrong logical operator and will only pass if msg.sender is manager AND owner -> a manager cannot trigger liquidation

Summary

In StabilityPool, the modifier onlyManagerOrOwner will revert when a manager tries to call a function guarded by it.

Vulnerability Details

```solidity
// StabilityPool, as quoted in the submission
modifier onlyManagerOrOwner() {
    if (!managers[msg.sender] && msg.sender != owner()) revert UnauthorizedAccess();
    _;
}
```

The condition will only pass if the owner is also a manager. This modifier is applied to the function liquidateBorrower.

In the current state of the deployment, the owner is not a manager by default, and managers are expected to trigger liquidation when needed but will not be able to.

Impact

In its current state, the liquidation mechanism is not callable by anyone. Managers are not able to liquidate users. Since this is a time-sensitive function, the protocol will accumulate bad debt.
Users cannot be liquidated and will exploit this to accumulate debt with no risk of liquidation.
Lending will not work properly at all. Users who lend crvUSD will lose everything, as the NFTs backing the bad debt will be stuck in the LendingPool contract.

Tools Used

Manual review

Recommendations

Update the modifier to handle role management properly:

```solidity
// Proposed replacement from the submission
modifier onlyManagerOrOwner() {
    if (managers[msg.sender] || msg.sender == owner()) {
        _;
    } else {
        revert UnauthorizedAccess();
    }
}
```
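Before filing or triaging a finding like this, the quickest check is to enumerate every caller state the modifier can see and compare what each form of the guard does. The following is an added example, not code from the submission or from the Regnum Aurum Acquisition Corp project: it models the revert predicate of the quoted modifier and of the proposed replacement as plain functions (the `managers[msg.sender]` lookup and `msg.sender == owner()` comparison are reduced to two booleans, a constructed abstraction) and tabulates them for all four combinations of manager/owner status.

```javascript
// Added example (not from the submission or the project). Models the revert
// predicate of both StabilityPool::onlyManagerOrOwner variants and checks
// them against each other for every possible caller state.

// Quoted modifier: revert if (!managers[msg.sender] && msg.sender != owner())
function revertsQuoted(isManager, isOwner) {
  return !isManager && !isOwner;
}

// Proposed modifier: proceed if (managers[msg.sender] || msg.sender == owner()), else revert
function revertsProposed(isManager, isOwner) {
  return !(isManager || isOwner);
}

// Enumerate the four caller states (constructed inputs, not on-chain data)
function truthTable() {
  const rows = [];
  for (const isManager of [false, true]) {
    for (const isOwner of [false, true]) {
      rows.push({
        isManager,
        isOwner,
        quoted: revertsQuoted(isManager, isOwner),
        proposed: revertsProposed(isManager, isOwner),
      });
    }
  }
  return rows;
}

// True when both forms revert for exactly the same callers (De Morgan check)
function formsAreEquivalent() {
  return truthTable().every((r) => r.quoted === r.proposed);
}

// Human-readable list of the caller states that pass a given guard
function allowedCallers(revertsFn) {
  return truthTable()
    .filter((r) => !revertsFn(r.isManager, r.isOwner))
    .map(
      (r) =>
        (r.isManager ? "manager" : "non-manager") +
        "/" +
        (r.isOwner ? "owner" : "non-owner")
    );
}

// Print the table when run directly: node guard-check.js
if (typeof require !== "undefined" && require.main === module) {
  console.table(truthTable());
  console.log("equivalent:", formsAreEquivalent());
  console.log("quoted guard allows:", allowedCallers(revertsQuoted));
}
```

The table is what a reviewer wants on the record: the row for a manager who is not the owner, and the row for an owner who is not a manager, decide whether the guard really blocks the operational role the submission is concerned about.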
Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
