Platform: Code4rena
Start Date: 18/04/2024
Pot Size: $36,500 USDC
Total HM: 19
Participants: 183
Period: 7 days
Judge: Koolex
Id: 367
League: ETH
Rank: 57/183
Findings: 3
Award: $205.73
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: MrPotatoMagic
Also found by: 0xtankr, ArmedGoose, Egis_Security, Giorgio, KYP, Maroutis, NentoR, OMEN, Sabit, Shubham, SpicyMeatball, T1MOH, d3e4, dimulski, peanuts
200.8376 USDC - $200.84
It is impossible to liquidate a user with the highest minted DYAD when such a user is undercollateralized
To liquidate an undercollateralized user, the liquidator must substract the equivalence of the minted DYAD of the user being liquidated from his balance.
dyad.burn(id, msg.sender, dyad.mintedDyad(address(this), id));
And here is the burn function:
function burn( uint id, address from, uint amount ) external licensedVaultManager { _burn(from, amount); mintedDyad[msg.sender][id] -= amount; }
What the above means is that the total minted DYAD burnt from the user being liquidated (dyad.mintedDyad(address(this), id)) is the same amount that must be substracted from the liquidator.
The liquidate function does not provide for liquidation in small amounts.
The problem this design creates is that when a user with a high or the highest minted DYAD amount is undercollateralized, it's impossible for anyone to liquidate the user. This is because no one would have the needed DYAD tokens to liquidate the undercollateralized user.
Manual review
I suggest that liquidating in small amount should be implemented.
Context
#0 - c4-pre-sort
2024-04-29T05:52:56Z
JustDravee marked the issue as duplicate of #1097
#1 - c4-pre-sort
2024-04-29T08:34:41Z
JustDravee marked the issue as sufficient quality report
#2 - c4-judge
2024-05-11T12:22:05Z
koolexcrypto marked the issue as satisfactory
🌟 Selected for report: MrPotatoMagic
Also found by: 0x175, 0x486776, 0x77, 0xAkira, 0xAsen, 0xDemon, 0xabhay, 0xblack_bird, 0xlemon, 0xloscar01, 0xtankr, 3docSec, 4rdiii, Abdessamed, AlexCzm, Angry_Mustache_Man, BiasedMerc, Circolors, Cryptor, DMoore, DPS, DedOhWale, Dinesh11G, Dots, GalloDaSballo, Giorgio, Honour, Imp, Jorgect, Krace, KupiaSec, Mrxstrange, NentoR, Pechenite, PoeAudits, Ryonen, SBSecurity, Sabit, T1MOH, TheFabled, TheSavageTeddy, Tychai0s, VAD37, Vasquez, WildSniper, ZanyBonzy, adam-idarrha, alix40, asui, blutorque, btk, c0pp3rscr3w3r, caglankaan, carrotsmuggler, d_tony7470, dimulski, dinkras, djxploit, falconhoof, forgebyola, grearlake, imare, itsabinashb, josephdara, kartik_giri_47538, ke1caM, kennedy1030, koo, lionking927, ljj, niser93, pep7siup, poslednaya, ptsanev, sashik_eth, shaflow2, steadyman, turvy_fuzz, ubl4nk, valentin_s2304, web3km, xyz, y4y, zhaojohnson, zigtur
0.0234 USDC - $0.02
https://github.com/code-423n4/2024-04-dyad/blob/4a987e536576139793a1c04690336d06c93fca90/src/core/VaultManagerV2.sol#L119-L154 https://github.com/code-423n4/2024-04-dyad/blob/4a987e536576139793a1c04690336d06c93fca90/src/core/VaultManagerV2.sol#L42-L44
Arbitrary user can temporarily block owner from withdrawing
The withdraw function prevents withdrawals in the same block as a deposit. This allows anyone to DoS the owner by making ridiculously small deposits to block withdrawals.
Note that anyone can call the deposit function since the isValidDNft modifier only checks for a valid "id" and not the owner.
Manual review
I suggest a check that if deposit is not done by the owner, it shouldn't block the owner from calling the withdraw function.
DoS
#0 - c4-pre-sort
2024-04-27T11:54:45Z
JustDravee marked the issue as duplicate of #489
#1 - c4-pre-sort
2024-04-29T09:29:00Z
JustDravee marked the issue as sufficient quality report
#2 - c4-judge
2024-05-05T20:39:25Z
koolexcrypto marked the issue as unsatisfactory: Invalid
#3 - c4-judge
2024-05-05T20:39:59Z
koolexcrypto marked the issue as unsatisfactory: Invalid
#4 - c4-judge
2024-05-05T21:45:45Z
koolexcrypto marked the issue as nullified
#5 - c4-judge
2024-05-05T21:45:49Z
koolexcrypto marked the issue as not nullified
#6 - c4-judge
2024-05-08T15:26:49Z
koolexcrypto marked the issue as duplicate of #1001
#7 - c4-judge
2024-05-11T19:49:33Z
koolexcrypto marked the issue as satisfactory
#8 - c4-judge
2024-05-13T18:34:30Z
koolexcrypto changed the severity to 3 (High Risk)
🌟 Selected for report: dimulski
Also found by: 0xleadwizard, 0xlemon, Aamir, Al-Qa-qa, AvantGard, Bauchibred, Cryptor, DarkTower, Egis_Security, Giorgio, Maroutis, MrPotatoMagic, OMEN, Ocean_Sky, Ryonen, SBSecurity, Sabit, SpicyMeatball, Stefanov, T1MOH, Tigerfrake, WildSniper, atoko, bhilare_, darksnow, fandonov, grearlake, iamandreiski, igdbase, pontifex, web3km, xiao
4.8719 USDC - $4.87
The protocol can be undercollateralized and users not being able to withdraw their funds.
Liquidators call the liquidate functio for the profit and not for anything else. There is 20% bonus for every liquidation. However, there are cases of small positions where a user only has $2, $3 worth of value in their position.
Liquidators won't want to liquidate such positions because the position value doesn't even cover gas fees.
These low value acccounts will never get liquidated leaving the protocol with bad debt.
Manual review
I suggest allowing users to mint if their collateral value is above a particular threshold.
Error
#0 - c4-pre-sort
2024-04-27T17:35:19Z
JustDravee marked the issue as duplicate of #1258
#1 - c4-pre-sort
2024-04-29T09:16:41Z
JustDravee marked the issue as sufficient quality report
#2 - c4-judge
2024-05-03T14:07:47Z
koolexcrypto changed the severity to QA (Quality Assurance)
#3 - c4-judge
2024-05-12T09:32:13Z
koolexcrypto marked the issue as grade-b
#4 - c4-judge
2024-05-12T09:32:32Z
koolexcrypto marked the issue as grade-c
#5 - c4-judge
2024-05-22T14:26:07Z
This previously downgraded issue has been upgraded by koolexcrypto
#6 - c4-judge
2024-05-28T16:51:31Z
koolexcrypto marked the issue as satisfactory
#7 - c4-judge
2024-05-28T20:06:00Z
koolexcrypto marked the issue as duplicate of #175