DYAD - Bigsam's results

The first capital efficient overcollateralized stablecoin.

General Information

Platform: Code4rena

Start Date: 18/04/2024

Pot Size: $36,500 USDC

Total HM: 19

Participants: 183

Period: 7 days

Judge: Koolex

Id: 367

League: ETH

Researcher Performance

Rank: 94/183

Findings: 1

Award: $17.29

🌟 Selected for report: 0

🚀 Solo Findings: 0

Awards

17.2908 USDC - $17.29

Labels

bug
2 (Med Risk)
satisfactory
sufficient quality report
:robot:_75_group
duplicate-977

External Links

Lines of code

https://github.com/code-423n4/2024-04-dyad/blob/cd48c684a58158de444b24854ffd8f07d046c31b/src/core/VaultManagerV2.sol#L205-L227

Vulnerability details

Impact

The current design of the liquidate function in the VaultManagerV2 contract presents a decreased incentive for liquidation when the collateral ratio drops below 1.2, potentially leading to under-collateralized positions that may never be liquidated. By implementing an admin-based liquidation function, the protocol can address this issue effectively, ensuring the timely liquidation of under-collateralized positions and maintaining the contract's overall stability and security.

Proof of Concept

Introduction

The VaultManagerV2 contract includes a liquidate function designed to allow liquidators to repay the owed DYAD and receive the corresponding collateral worth of the DYAD plus a liquidation reward. https://github.com/code-423n4/2024-04-dyad/blob/cd48c684a58158de444b24854ffd8f07d046c31b/src/core/VaultManagerV2.sol#L215 However, the current design of the liquidation function becomes less rewarding when the collateral value drops below a ratio of 1.2, potentially reducing the incentive for liquidators to execute the liquidate function. This can lead to positions in the contract that may never be liquidated, affecting the contract's overall stability and security.

Issue Identification

Decreased Liquidation Incentive

The liquidate function calculates the liquidation equity share and asset share based on the capped collateral ratio (cappedCr):

https://github.com/code-423n4/2024-04-dyad/blob/cd48c684a58158de444b24854ffd8f07d046c31b/src/core/VaultManagerV2.sol#L217-L219

    uint cappedCr = cr < 1e18 ? 1e18 : cr;
    uint liquidationEquityShare = (cappedCr - 1e18).mulWadDown(LIQUIDATION_REWARD);
    uint liquidationAssetShare = (liquidationEquityShare + 1e18).divWadDown(cappedCr);

When the collateral ratio (cr) drops below 1.2, the liquidation reward may not provide sufficient (max) incentive for liquidators to execute the liquidate function, leading to potential under-collateralized positions.

Liquidation Reward and Collateral Ratio

The liquidation reward is calculated as 0.2 * 1e18, which is added to the liquidation equity share. The total borrowed DYAD to collateral ratio is 1:1, and the amount paid represents the amount of DYAD owed. The amount on top of the DYAD owed is the liquidator's profit. However, when the collateral ratio drops below 1, there is a high possibility that a liquidator may not receive their full collateral based on the user's collateral, without any reward attached.

Tools Used

Manual code analysis.

Implementation of Admin-Based Liquidation Role

To address the decreased incentive for liquidation when the collateral ratio drops below 1.2, the protocol should consider implementing an admin function or admin-based role to liquidate positions that fall below this threshold. This approach ensures that under-collateralized positions are addressed promptly, thereby maintaining the contract's overall stability and security.

Assessed type

Other
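The three quoted lines from the "Decreased Liquidation Incentive" section can be evaluated numerically to see how the liquidator's margin changes with the collateral ratio. The following is an added example, not code from the submission or from the DYAD repository. It assumes the liquidator repays the full debt and receives liquidationAssetShare of a position whose collateral value is debt * cr, and it rounds down throughout; the function names and the 1,000 DYAD position are constructed for illustration.

```python
WAD = 10**18
LIQUIDATION_REWARD = 2 * 10**17  # 0.2 * 1e18, the value quoted in the report


def mul_wad_down(x: int, y: int) -> int:
    """Fixed-point multiply, rounding down (models mulWadDown)."""
    return x * y // WAD


def div_wad_down(x: int, y: int) -> int:
    """Fixed-point divide, rounding down (models divWadDown)."""
    return x * WAD // y


def liquidation_asset_share(cr: int) -> int:
    """Mirror of the three quoted lines: share of collateral paid out."""
    capped_cr = WAD if cr < WAD else cr
    equity_share = mul_wad_down(capped_cr - WAD, LIQUIDATION_REWARD)
    return div_wad_down(equity_share + WAD, capped_cr)


def liquidator_profit(cr: int, debt: int) -> int:
    """Collateral value received minus DYAD repaid, in wad.

    Assumption (not stated on the page): collateral value = debt * cr and
    the liquidator repays the whole debt.
    """
    collateral_value = mul_wad_down(debt, cr)
    received = mul_wad_down(collateral_value, liquidation_asset_share(cr))
    return received - debt


def profit_table(debt: int, cr_percents: list[int]) -> list[tuple[int, int]]:
    """(cr in percent, profit in wad) for each constructed sample ratio."""
    return [(p, liquidator_profit(p * 10**16, debt)) for p in cr_percents]


if __name__ == "__main__":
    debt = 1_000 * WAD  # constructed sample position: 1,000 DYAD owed
    for pct, profit in profit_table(debt, [140, 125, 120, 110, 100, 90]):
        print(f"cr={pct / 100:.2f}  profit={profit / WAD:+.2f}")
```

Under these assumptions the margin works out to 0.2 * (cr - 1) of the debt: it shrinks as cr falls, reaches zero at cr = 1, and below 1 the liquidator receives less collateral than the DYAD repaid.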

#0 - c4-pre-sort

2024-04-29T07:52:15Z

JustDravee marked the issue as duplicate of #456

#1 - c4-pre-sort

2024-04-29T09:31:26Z

JustDravee marked the issue as sufficient quality report

#2 - c4-judge

2024-05-12T09:16:13Z

koolexcrypto marked the issue as unsatisfactory: Insufficient proof

#3 - Tomiwasa0

2024-05-16T06:39:54Z

Thanks for judging @koolexcrypto.

I would like to state that this issue is not a duplicate of #456 but a duplicate of #1258. The impact is the same and the mitigation provided here agrees with the mitigation stated by the sponsor. Also, this might be a valid medium as this issue was not stated in the README or as a publicly known issue, hence it should be treated as a valid issue. Also, almost all issues duplicated as 456 are similar to 1258. Thank you.

#4 - c4-judge

2024-05-28T16:04:07Z

koolexcrypto marked the issue as duplicate of #977

#5 - c4-judge

2024-05-29T07:02:24Z

koolexcrypto marked the issue as satisfactory
