DYAD - OMEN's results

The first capital efficient overcollateralized stablecoin.

General Information

Platform: Code4rena

Start Date: 18/04/2024

Pot Size: $36,500 USDC

Total HM: 19

Participants: 183

Period: 7 days

Judge: Koolex

Id: 367

League: ETH

DYAD

Findings Distribution

Researcher Performance

Rank: 55/183

Findings: 3

Award: $223.00

🌟 Selected for report: 0

🚀 Solo Findings: 0

Findings Information

Awards

200.8376 USDC - $200.84

Labels

bug
3 (High Risk)
satisfactory
sufficient quality report
:robot:_11_group
duplicate-1097

External Links

Lines of code

https://github.com/code-423n4/2024-04-dyad/blob/cd48c684a58158de444b24854ffd8f07d046c31b/src/core/VaultManagerV2.sol#L205-L228

Vulnerability details

Impact

Detailed description of the impact of this finding.

Proof of Concept

```solidity
uint cappedCr               = cr < 1e18 ? 1e18 : cr;
uint liquidationEquityShare = (cappedCr - 1e18).mulWadDown(LIQUIDATION_REWARD);
uint liquidationAssetShare  = (liquidationEquityShare + 1e18).divWadDown(cappedCr);
```

Let's assume cr (collateral ratio) is 120 percent right now. This means anyone can call the liquidation.

cr --------->> 1.2 e18

cappedCr --------->> 1.2 e18 (cause cr > 1e18)

liquidationEquityShare -------->> 0.2 e18 * 0.2 e18 /1e18 -------->> 0.04 e18

liquidationAssetShare -------->> (0.04 + 1) e18 * 1e18 / 1.2 e18 -------->> 0.86667 e18

```solidity
for (uint i = 0; i < numberOfVaults; i++) {
    Vault vault      = Vault(vaults[id].at(i));
    uint  collateral = vault.id2asset(id).mulWadUp(liquidationAssetShare);
    vault.move(id, to, collateral);
}
```

let's assume vault.id2asset(id) is 120 usd worth of weth

collateral ----------->>> 120 e18 * 0.8667 e18 / 1e18 ----------->>> 104.004 e18

The liquidator will get 104 USD worth of collateral. The rest of the collateral (16 USD worth of WETH) still remains in the vault and can be claimed by the vault owner by burning DYAD. When the collateral ratio falls below 100 percent, there is no incentive for a liquidation call. This will cause bad debt for the protocol. Instead of returning surplus collateral from liquidation to vault owners, the protocol should use that surplus collateral in bad debt distribution.

  1. Protocol makes sure the liquidator doesn't lose funds when liquidation is called.
  2. When bad debt occurs, the protocol should use surplus collateral from liquidation to handle it.

Tools Used

manual view

pls use surplus collateral from liquidation for bad debt handling instead of sending bad debt to liquidators

Assessed type

Context

#0 - c4-pre-sort

2024-04-28T17:31:15Z

JustDravee marked the issue as duplicate of #456

#1 - c4-pre-sort

2024-04-29T09:31:24Z

JustDravee marked the issue as sufficient quality report

#2 - c4-judge

2024-05-12T08:57:39Z

koolexcrypto marked the issue as not a duplicate

#3 - c4-judge

2024-05-12T08:57:47Z

koolexcrypto marked the issue as duplicate of #1097

#4 - c4-judge

2024-05-12T09:18:18Z

koolexcrypto marked the issue as satisfactory

Awards

17.2908 USDC - $17.29

Labels

bug
2 (Med Risk)
satisfactory
sufficient quality report
edited-by-warden
:robot:_11_group
duplicate-977

External Links

Lines of code

https://github.com/code-423n4/2024-04-dyad/blob/cd48c684a58158de444b24854ffd8f07d046c31b/src/core/VaultManagerV2.sol#L224-L225

Vulnerability details

Impact

There is no incentive to call liquidation, and this will cause bad debt for the protocol.

Proof of Concept

```solidity
uint cappedCr               = cr < 1e18 ? 1e18 : cr;
uint liquidationEquityShare = (cappedCr - 1e18).mulWadDown(LIQUIDATION_REWARD);
uint liquidationAssetShare  = (liquidationEquityShare + 1e18).divWadDown(cappedCr);
```

Let's assume cr (collateral ratio) is 90 percent right now. This means anyone can call the liquidation.

cr --------->> 0.9 e18

cappedCr --------->> 1 e18 (cause cr < 1e18)

liquidationEquityShare -------->> 0

liquidationAssetShare -------->> (0 + 1) e18 * 1e18 / 1 e18 -------->> 1 e18

```solidity
for (uint i = 0; i < numberOfVaults; i++) {
    Vault vault      = Vault(vaults[id].at(i));
    uint  collateral = vault.id2asset(id).mulWadUp(liquidationAssetShare);
    vault.move(id, to, collateral);
}
```

let's assume vault.id2asset(id) is 90 usd worth of weth

collateral ----------->>> 90 e18 * 1 e18 / 1e18 ----------->>> 90 e18

The liquidator burnt 100 DYAD and gets back 90 USD worth of collateral. So no one is going to call liquidate if the collateral ratio is below 100 percent.

The collateral ratio can drop by a large amount due to the following facts:

1. The protocol uses WETH as collateral, so there could be a depegging event. The price will drop significantly, and the ETH price will drop due to that.
2. Kerosene is based on these collateral prices. If the collateral price drops significantly, Kerosene will drop too.

Tools Used

manual view

pls make sure liquidator will not have loss when call liquidation and implement bad debt distribution system.

Assessed type

Context

#0 - c4-pre-sort

2024-04-28T17:27:56Z

JustDravee marked the issue as duplicate of #456

#1 - c4-pre-sort

2024-04-29T09:31:24Z

JustDravee marked the issue as sufficient quality report

#2 - c4-judge

2024-05-12T09:09:18Z

koolexcrypto marked the issue as unsatisfactory: Insufficient proof

#3 - c4-judge

2024-05-28T16:04:09Z

koolexcrypto marked the issue as duplicate of #977

#4 - c4-judge

2024-05-29T07:02:43Z

koolexcrypto marked the issue as satisfactory

Awards

4.8719 USDC - $4.87

Labels

bug
2 (Med Risk)
satisfactory
sufficient quality report
:robot:_11_group
duplicate-175

External Links

Lines of code

https://github.com/code-423n4/2024-04-dyad/blob/cd48c684a58158de444b24854ffd8f07d046c31b/src/core/VaultManagerV2.sol#L164-L168

Vulnerability details

Impact

There is no incentive to call liquidation on a position with a small DYAD amount, and this will cause bad debt for the protocol.

Proof of Concept

```solidity
function mintDyad(
    uint    id,
    uint    amount,
    address to
)
  external
    isDNftOwner(id)
{
    uint newDyadMinted = dyad.mintedDyad(address(this), id) + amount;
    if (getNonKeroseneValue(id) < newDyadMinted) revert NotEnoughExoCollat();
    dyad.mint(id, to, amount);
    if (collatRatio(id) < MIN_COLLATERIZATION_RATIO) revert CrTooLow();
    emit MintDyad(id, amount, to);
}
```

When minting the DYAD stablecoin, there is no minimum amount to mint. This will be a problem for the incentive to call liquidation.

A malicious user mints a small enough DYAD amount. On Ethereum, the gas price is really high when there are too many transactions. So it will be a loss to call liquidation on that small enough DYAD position. Due to the lack of liquidation calls on undercollateralized positions, there will be bad debt for the protocol.

Tools Used

manual view

set minimum amount

Assessed type

Context

#0 - c4-pre-sort

2024-04-27T13:30:22Z

JustDravee marked the issue as duplicate of #1258

#1 - c4-pre-sort

2024-04-29T09:16:46Z

JustDravee marked the issue as sufficient quality report

#2 - c4-judge

2024-05-03T14:07:47Z

koolexcrypto changed the severity to QA (Quality Assurance)

#3 - c4-judge

2024-05-12T09:32:59Z

koolexcrypto marked the issue as grade-c

#4 - c4-judge

2024-05-22T14:26:07Z

This previously downgraded issue has been upgraded by koolexcrypto

#5 - c4-judge

2024-05-28T16:52:03Z

koolexcrypto marked the issue as satisfactory

#6 - c4-judge

2024-05-28T20:06:15Z

koolexcrypto marked the issue as duplicate of #175
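
The liquidation arithmetic walked through in the three findings above, reproduced with exact integer WAD math as an added example (not code from the warden's submissions or the DYAD repository). It assumes `LIQUIDATION_REWARD` is 0.2e18 as in the first finding's arithmetic, treats collateral as a USD value, and uses a constructed gas cost; `liquidate` and `min_profitable_debt` are hypothetical helper names.

```python
WAD = 10**18
LIQUIDATION_REWARD = 2 * 10**17  # assumed 0.2e18, as used in the first finding's arithmetic

def mul_wad_down(x, y):
    return x * y // WAD

def mul_wad_up(x, y):
    return -(-x * y // WAD)  # ceiling division

def div_wad_down(x, y):
    return x * WAD // y

def liquidation_asset_share(cr):
    """Mirror of the three quoted lines: share of collateral moved to the liquidator."""
    capped_cr = WAD if cr < WAD else cr
    equity_share = mul_wad_down(capped_cr - WAD, LIQUIDATION_REWARD)
    return div_wad_down(equity_share + WAD, capped_cr)

def liquidate(debt, collateral_value):
    """Hypothetical helper: (to_liquidator, left_in_vault, liquidator_net), all WAD USD."""
    cr = div_wad_down(collateral_value, debt)
    moved = mul_wad_up(collateral_value, liquidation_asset_share(cr))
    # The liquidator burns `debt` DYAD (valued at 1 USD each) to receive `moved`.
    return moved, collateral_value - moved, moved - debt

def min_profitable_debt(cr, gas_cost):
    """Hypothetical helper: smallest debt whose reward covers gas_cost (WAD USD)."""
    margin = mul_wad_down(liquidation_asset_share(cr), cr) - WAD  # reward per DYAD burned
    if margin <= 0:
        return None  # at or below 100% CR no position size is profitable
    return -(-gas_cost * WAD // margin)

if __name__ == "__main__":
    debt = 100 * WAD
    for pct in (140, 120, 105, 100, 90, 70):  # constructed collateral ratios
        moved, left, net = liquidate(debt, pct * WAD)
        print(f"CR {pct:>3}%  liquidator gets {moved / WAD:7.2f}  "
              f"vault keeps {left / WAD:6.2f}  liquidator net {net / WAD:+7.2f}")
    gas = 20 * WAD  # constructed gas cost in USD, not a measured value
    for pct in (140, 120, 105):
        need = min_profitable_debt(pct * WAD // 100, gas)
        print(f"CR {pct}%: debt must exceed {need / WAD:.0f} DYAD to cover gas")
```

The sweep shows the liquidator's net shrinking to zero at 100% CR and turning negative below it, while the break-even debt size grows as the ratio approaches 100%.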
