Platform: Code4rena
Start Date: 18/04/2024
Pot Size: $36,500 USDC
Total HM: 19
Participants: 183
Period: 7 days
Judge: Koolex
Id: 367
League: ETH
Rank: 91/183
Findings: 2
Award: $22.16
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: Infect3d
Also found by: 0x486776, 0xAlix2, 0xleadwizard, 0xnilay, Abdessamed, ArmedGoose, Bauchibred, Bigsam, GalloDaSballo, HChang26, Myrault, OMEN, SBSecurity, T1MOH, ZanyBonzy, alix40, atoko, iamandreiski, jesjupyter, ke1caM, miaowu, peanuts, vahdrak1
17.2908 USDC - $17.29
https://github.com/code-423n4/2024-04-dyad/blob/main/src/core/VaultManagerV2.sol#L205
The current implementation of a fixed liquidation bonus in the protocol's liquidate function poses a risk of preventing liquidation when a user's collateral is close to their debt amount. Due to the fixed bonus, users may not be liquidated even when their health factor falls below the critical threshold. This issue can lead to instability in the protocol, as it undermines the mechanism to maintain collateralization ratios, potentially exposing the protocol to insolvency risks.
uint public constant LIQUIDATION_REWARD = 0.2e18; // 20%
function liquidate( uint id, uint to ) external isValidDNft(id) isValidDNft(to) { uint cr = collatRatio(id); if (cr >= MIN_COLLATERIZATION_RATIO) revert CrTooHigh(); dyad.burn(id, msg.sender, dyad.mintedDyad(address(this), id)); uint cappedCr = cr < 1e18 ? 1e18 : cr; uint liquidationEquityShare = (cappedCr - 1e18).mulWadDown(LIQUIDATION_REWARD); uint liquidationAssetShare = (liquidationEquityShare + 1e18).divWadDown(cappedCr); uint numberOfVaults = vaults[id].length(); for (uint i = 0; i < numberOfVaults; i++) { Vault vault = Vault(vaults[id].at(i)); uint collateral = vault.id2asset(id).mulWadUp(liquidationAssetShare); vault.move(id, to, collateral); } emit Liquidate(id, msg.sender, to); }
Consider a scenario where a user's collateral is very low, and the fixed liquidation bonus is significant. When a liquidator attempts to liquidate the user, they cannot cover the full deficit plus the bonus, leading to the transaction being reverted. This scenario can occur especially when multiple types of collateral are involved, and one type's value decreases significantly.
The reason is that when a user gets liquidated, 20% of the amount of liquidation will be sent to the liquidator as the liquidation bonus; however, if the user is not able to provide the liquidation bonus completely in their account, the liquidation will be reverted, because the user does not have sufficient funds.
Manual Review
implement a dynamic calculation for the liquidation bonus based on the user's health factor or the amount of available collateral. By adjusting the bonus dynamically, the protocol ensures that liquidation is always possible, even when users are close to the threshold.
Context
#0 - c4-pre-sort
2024-04-29T06:27:59Z
JustDravee marked the issue as duplicate of #456
#1 - c4-pre-sort
2024-04-29T09:31:20Z
JustDravee marked the issue as sufficient quality report
#2 - c4-judge
2024-05-12T09:03:39Z
koolexcrypto marked the issue as unsatisfactory: Insufficient proof
#3 - c4-judge
2024-05-28T16:04:06Z
koolexcrypto marked the issue as duplicate of #977
#4 - c4-judge
2024-05-28T16:20:18Z
koolexcrypto changed the severity to 2 (Med Risk)
#5 - c4-judge
2024-05-29T07:02:10Z
koolexcrypto marked the issue as satisfactory
🌟 Selected for report: dimulski
Also found by: 0xleadwizard, 0xlemon, Aamir, Al-Qa-qa, AvantGard, Bauchibred, Cryptor, DarkTower, Egis_Security, Giorgio, Maroutis, MrPotatoMagic, OMEN, Ocean_Sky, Ryonen, SBSecurity, Sabit, SpicyMeatball, Stefanov, T1MOH, Tigerfrake, WildSniper, atoko, bhilare_, darksnow, fandonov, grearlake, iamandreiski, igdbase, pontifex, web3km, xiao
4.8719 USDC - $4.87
https://github.com/code-423n4/2024-04-dyad/blob/main/src/core/VaultManagerV2.sol#L205
The absence of incentive to liquidate small positions, such as those with low corresponding usd values, can lead to accumulation of unliquidated accounts in the protocol making the protocol unhealthy considering there are a lot of such users in the protocol. This not only leaves these accounts vulnerable to potential insolvency but also hinders the efficient utilization of resources due to gas costs.
at the moment users are able to mind DYAD tokens regardless of their collateral amount
function mintDyad( uint id, uint amount, address to ) external isDNftOwner(id) { uint newDyadMinted = dyad.mintedDyad(address(this), id) + amount; if (getNonKeroseneValue(id) < newDyadMinted) revert NotEnoughExoCollat(); dyad.mint(id, to, amount); if (collatRatio(id) < MIN_COLLATERIZATION_RATIO) revert CrTooLow(); emit MintDyad(id, amount, to); }
Consider a scenario where a user's account holds a small amount of collateral, for example, $5 USD of value. Due to the gas costs involved in executing the liquidation process, liquidators may find it uneconomical to liquidate such low-value accounts. As a result, these accounts remain unliquidated, potentially accumulating over time.
manual review
A potential fix could be to only allow users to mint DYAD if their collateral value is past a certain threshold.
Context
#0 - c4-pre-sort
2024-04-27T17:34:43Z
JustDravee marked the issue as duplicate of #1258
#1 - c4-pre-sort
2024-04-29T09:21:28Z
JustDravee marked the issue as sufficient quality report
#2 - c4-judge
2024-05-03T14:07:47Z
koolexcrypto changed the severity to QA (Quality Assurance)
#3 - c4-judge
2024-05-12T09:32:39Z
koolexcrypto marked the issue as grade-c
#4 - c4-judge
2024-05-22T14:26:07Z
This previously downgraded issue has been upgraded by koolexcrypto
#5 - c4-judge
2024-05-28T16:51:38Z
koolexcrypto marked the issue as satisfactory
#6 - c4-judge
2024-05-28T20:06:03Z
koolexcrypto marked the issue as duplicate of #175