DYAD - Tigerfrake's results

The first capital efficient overcollateralized stablecoin.

General Information

Platform: Code4rena

Start Date: 18/04/2024

Pot Size: $36,500 USDC

Total HM: 19

Participants: 183

Period: 7 days

Judge: Koolex

Id: 367

League: ETH

Researcher Performance

Rank: 130/183

Findings: 1

Award: $4.87

🌟 Selected for report: 0

🚀 Solo Findings: 0

Awards

4.8719 USDC - $4.87

Labels

bug
2 (Med Risk)
satisfactory
sufficient quality report
edited-by-warden
:robot:_11_group
duplicate-175

External Links

Lines of code

https://github.com/code-423n4/2024-04-dyad/blob/4a987e536576139793a1c04690336d06c93fca90/src/core/VaultManagerV2.sol#L156-L169

Vulnerability details

Summary

The absence of a minimum mint amount can destabilize the protocol.

Proof of Concept

According to the protocol, there is no minMintAmount. This means that a user can call mintDyad() and mint an arbitrarily small amount of DYAD, backed by a correspondingly small amount of collateral.

  function mintDyad(
    uint    id,
    uint    amount,
    address to
  )
    external 
      isDNftOwner(id)
  {
    uint newDyadMinted = dyad.mintedDyad(address(this), id) + amount;
    if (getNonKeroseneValue(id) < newDyadMinted)     revert NotEnoughExoCollat();
    dyad.mint(id, to, amount);
    if (collatRatio(id) < MIN_COLLATERIZATION_RATIO) revert CrTooLow(); 
    emit MintDyad(id, amount, to);
  }

From the Documentation:

If a Note’s collateral value in USD drops below 150% of its DYAD minted balance, it faces liquidation. The liquidator burns a quantity of DYAD equal to the target Note’s DYAD minted balance, and in return receives an equivalent value plus a 20% bonus of the target Note’s backing collateral, which the liquidator can direct to any other Note, usually their own. The target keeps the remainder of their collateral, if any.

This can be a big issue: liquidators have no incentive to liquidate small underwater positions, because the gas cost of doing so would exceed the incentive they would receive.

Impact

Can push the entire protocol into an underwater state. Underwater positions would first be covered by protocol reserves, meaning that the protocol stands to lose out.

Tools Used

Manual Review

Close the vulnerability by implementing a realistic minMintAmount which will incentivize liquidators to clean up bad debt.

Assessed type

Other
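The liquidation-incentive argument in the report above, worked through as an added example (not part of the warden's submission or the DYAD code base). It models the payout exactly as the quoted documentation describes it, not the contract's own arithmetic; the gas cost, the sample Notes and all function names are constructed assumptions.

```python
from decimal import Decimal as D

MIN_CR = D("1.50")  # liquidation threshold, from the quoted documentation
BONUS = D("0.20")   # liquidator bonus, from the quoted documentation

def liquidator_profit(debt, collateral, gas_cost):
    """USD profit from liquidating one Note, or None if it is not liquidatable."""
    if debt == 0 or collateral / debt >= MIN_CR:
        return None
    # The liquidator burns `debt` DYAD and receives that value plus the bonus,
    # capped by the collateral the Note actually holds.
    payout = min(collateral, debt * (1 + BONUS))
    return payout - debt - gas_cost

def break_even_debt(gas_cost):
    """Debt size at which the full 20% bonus only just pays for gas."""
    return gas_cost / BONUS

def unliquidated_debt(notes, gas_cost):
    """DYAD sitting in liquidatable Notes that are unprofitable to liquidate."""
    total = D(0)
    for debt, collateral in notes:
        profit = liquidator_profit(debt, collateral, gas_cost)
        if profit is not None and profit <= 0:
            total += debt
    return total

# Constructed sample: (DYAD minted, collateral value in USD)
SAMPLE_NOTES = [
    (D("5"), D("7")),        # dust position, CR 140%
    (D("20"), D("28")),      # small position, CR 140%
    (D("1000"), D("1400")),  # large position, CR 140%
    (D("1000"), D("2000")),  # healthy position, CR 200%
]
GAS_COST_USD = D("10")  # assumed cost of one liquidation transaction

if __name__ == "__main__":
    for debt, collateral in SAMPLE_NOTES:
        print(debt, collateral, liquidator_profit(debt, collateral, GAS_COST_USD))
    print("break-even debt:", break_even_debt(GAS_COST_USD))
    print("stuck debt:", unliquidated_debt(SAMPLE_NOTES, GAS_COST_USD))
```

Under this model a minMintAmount below `break_even_debt` for the expected gas cost leaves positions that stay underwater indefinitely, which is the quantity the mitigation needs to be sized against.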

#0 - c4-pre-sort

2024-04-27T17:35:49Z

JustDravee marked the issue as duplicate of #1258

#1 - c4-pre-sort

2024-04-29T09:08:44Z

JustDravee marked the issue as sufficient quality report

#2 - c4-judge

2024-05-03T14:07:47Z

koolexcrypto changed the severity to QA (Quality Assurance)

#3 - c4-judge

2024-05-22T14:26:07Z

This previously downgraded issue has been upgraded by koolexcrypto

#4 - c4-judge

2024-05-28T16:53:12Z

koolexcrypto marked the issue as satisfactory

#5 - c4-judge

2024-05-28T20:05:40Z

koolexcrypto marked the issue as duplicate of #175
