Platform: Code4rena
Start Date: 18/04/2024
Pot Size: $36,500 USDC
Total HM: 19
Participants: 183
Period: 7 days
Judge: Koolex
Id: 367
League: ETH
Rank: 132/183
Findings: 1
Award: $4.87
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: dimulski
Also found by: 0xleadwizard, 0xlemon, Aamir, Al-Qa-qa, AvantGard, Bauchibred, Cryptor, DarkTower, Egis_Security, Giorgio, Maroutis, MrPotatoMagic, OMEN, Ocean_Sky, Ryonen, SBSecurity, Sabit, SpicyMeatball, Stefanov, T1MOH, Tigerfrake, WildSniper, atoko, bhilare_, darksnow, fandonov, grearlake, iamandreiski, igdbase, pontifex, web3km, xiao
4.8719 USDC - $4.87
https://github.com/code-423n4/2024-04-dyad/blob/main/src/core/VaultManagerV2.sol#L156-L169 https://github.com/code-423n4/2024-04-dyad/blob/main/src/core/VaultManagerV2.sol#L205-L228
Impact: high likelihood: mid
Low value accounts will not be liquidated in appropriate time due to gas cost on Ethereum mainnet.
Liquidators typically engage in liquidating users for potential profits. However, if there's no profit to be gained, there's no incentive to liquidate undercollateralized accounts.
Lets consider the following 2 scenarios.
Scenario 1:
Consider an account with $18 worth of collateral and 10 DYAD tokens minted.
The collateral value falls to $14 in a market crash
Say, the gas fees for liquidation is $20 due to network demand on ethereum mainnet
(This user is undercollateralized and should ideally be liquidated to maintain protocol integrity)
However, given the low value of the account, liquidators may not profit from liquidating this user after factoring in gas costs.
Consequently, these low-value accounts may never undergo liquidation, resulting in bad debt accumulation and potentially causing the protocol to become undercollateralized if enough small value accounts are in deficit.
Scenario 2 :
Alice = High net worth attacker
Alice shorts DYAD protocol with significant capital and so wants to bring down its value.
Alice opens multiple small value accounts when the corresponding collateral price is at an all-time-high. (preferably when network gas cost is relatively lower)
The collateral price crashes due to external market conditions, and all their small value accounts become undercollateralized.
Liquidators see no value in liquidating these small positions, due to lack of incentives factoring in high gas costs.
The DYAD protocol value crashes due to insolvency risks
The short will outweigh any losses Alice makes by opening those small value accounts to grief the protocol, making this a profitable attack overall
Manual Analysis
A potential solution could be to implement a minimum collateral threshold for minting DYAD tokens.
This would ensure that users can only mint DYAD tokens if their collateral value exceeds a certain threshold (say $80), making liquidations economically viable for liquidators.
Other
#0 - c4-pre-sort
2024-04-27T17:31:52Z
JustDravee marked the issue as duplicate of #1258
#1 - c4-pre-sort
2024-04-29T09:16:50Z
JustDravee marked the issue as sufficient quality report
#2 - c4-judge
2024-05-03T14:07:47Z
koolexcrypto changed the severity to QA (Quality Assurance)
#3 - c4-judge
2024-05-12T09:33:18Z
koolexcrypto marked the issue as grade-c
#4 - c4-judge
2024-05-22T14:26:07Z
This previously downgraded issue has been upgraded by koolexcrypto
#5 - c4-judge
2024-05-28T16:52:24Z
koolexcrypto marked the issue as satisfactory
#6 - c4-judge
2024-05-28T20:06:31Z
koolexcrypto marked the issue as duplicate of #175