Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: medium
Invalid

Unrestricted Manager Liquidation

Summary

Managers are allowed to liquidate any borrower’s position without any checks on their allocated limits, leading to potential over-liquidation and fund mismanagement.

Vulnerability Details

The liquidateBorrower function is accessible to both managers and the owner as seen in https://github.com/Cyfrin/2025-02-raac/blob/main/contracts/core/pools/StabilityPool/StabilityPool.sol#L449. However, it does not enforce any limits on the liquidation amount based on a manager’s specific allocation as designed and seen at https://github.com/Cyfrin/2025-02-raac/blob/main/contracts/core/pools/StabilityPool/StabilityPool.sol#L119 and https://github.com/Cyfrin/2025-02-raac/blob/main/contracts/core/pools/StabilityPool/StabilityPool.sol#L146. This means that a manager could liquidate more than what they are authorized for, which may result in over-liquidation of borrowers’ positions and unauthorized depletion of pool reserves.

Impact

  • Risk of over-liquidation per manager, leading to potential financial losses.

Tools Used

Manual Review

Recommendations

  • Introduce checks in the liquidateBorrower function to ensure that managers cannot exceed their assigned liquidation allocation.

Updates

Lead Judging Commences

inallhonesty Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
