Platform: Code4rena
Start Date: 25/10/2022
Pot Size: $50,000 USDC
Total HM: 18
Participants: 127
Period: 5 days
Judge: 0xean
Total Solo HM: 9
Id: 175
League: ETH
Rank: 27/127
Findings: 2
Award: $343.35
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: jayphbee
Also found by: catchup, cccz, corerouter, trustindistrust
342.9734 USDC - $342.97
In the liquidate function, if escrow.balance() < liquidationFee, no collateral is sent to the gov, which effectively makes the gov's profit suffer. The correct approach would be to send escrow.balance() collateral to gov when escrow.balance() < liquidationFee.
None
Change to
if(liquidationFeeBps > 0) { uint liquidationFee = repaidDebt * 1 ether / price * liquidationFeeBps / 10000; if(escrow.balance() >= liquidationFee) { escrow.pay(gov, liquidationFee); } + else {escrow.pay(gov, escrow.balance());} }
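Review bot: the added else branch calls escrow.pay(gov, escrow.balance()) even when the escrow balance is 0, so a zero-amount pay is attempted on that path; guard it with a balance > 0 check. escrow.balance() is also read twice on that path (once in the if condition, once in the else), so read it into a local once and pay the smaller of liquidationFee and that value.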
#0 - 0xean
2022-11-05T19:49:50Z
Seems like this would have to amount to very small dust amounts to be true.
#1 - c4-judge
2022-11-05T19:50:43Z
0xean marked the issue as duplicate
#2 - c4-judge
2022-11-28T18:26:00Z
0xean marked the issue as duplicate of #275
#3 - Simon-Busch
2022-12-05T15:34:46Z
Issue marked as satisfactory as requested by 0xean
🌟 Selected for report: rbserver
Also found by: 0x1f8b, 0xNazgul, 0xc0ffEE, 8olidity, Aymen0909, Chom, Franfran, Jeiwan, Jujic, Lambda, M4TZ1P, Olivierdem, Rolezn, Ruhum, TomJ, Wawrdog, __141345__, bin2chen, c7e7eff, carlitox477, catchup, cccz, codexploder, cuteboiz, d3e4, dipp, djxploit, eierina, elprofesor, hansfriese, horsefacts, idkwhatimdoing, imare, immeas, joestakey, ladboy233, leosathya, martin, minhtrng, pashov, peanuts, pedroais, rokinot, rvierdiiev, saneryee, sorrynotsorry, tonisives
0.385 USDC - $0.38
According to Chainlink's documentation, the latestAnswer function is deprecated. This function might suddenly stop working if Chainlink stops supporting deprecated APIs. And the old API can return stale data.
function getPrice(address token, uint collateralFactorBps) external returns (uint) {
    if(fixedPrices[token] > 0) return fixedPrices[token];
    if(feeds[token].feed != IChainlinkFeed(address(0))) {
        // get price from feed
        uint price = feeds[token].feed.latestAnswer();

https://github.com/code-423n4/2022-10-inverse/blob/3e81f0f5908ea99b36e6ab72f13488bbfe622183/src/Oracle.sol#L82-L83
https://github.com/code-423n4/2022-10-inverse/blob/3e81f0f5908ea99b36e6ab72f13488bbfe622183/src/Oracle.sol#L116-L117
None
Use the latestRoundData function to get the price instead. Add checks on the return data with proper revert messages if the price is stale or the round is incomplete.
https://docs.chain.link/docs/price-feeds-api-reference/
#0 - neumoxx
2022-10-31T08:42:22Z
Duplicate of #601
#1 - c4-judge
2022-11-05T17:49:16Z
0xean marked the issue as duplicate
#2 - Simon-Busch
2022-12-05T15:28:09Z
Issue marked as satisfactory as requested by 0xean
#3 - c4-judge
2022-12-07T08:14:13Z
Simon-Busch marked the issue as duplicate of #584