DYAD - fandonov's results

Lines of code

https://github.com/code-423n4/2024-04-dyad/blob/cd48c684a58158de444b24854ffd8f07d046c31b/src/core/VaultManagerV2.sol#L156-L169 https://github.com/code-423n4/2024-04-dyad/blob/cd48c684a58158de444b24854ffd8f07d046c31b/src/core/VaultManagerV2.sol#L205-L228

Vulnerability details

Impact

In the contract VaultManagerV2.sol in function VaultManagerV2.sol::mintDyad, there is no minimum mint value check. This can lead to bad debt for the liquidator.

Proof of Concept

uint public constant MIN_COLLATERIZATION_RATIO = 1.5e18; // 150%
uint public constant LIQUIDATION_REWARD        = 0.2e18; //  20%

For example lets say that the user deposits 500, for that amount he can get around 333.33 worth of stable coins. If we calculate the reward fee the liquidator gets it will be around 33. No liquidator will want to do this because the gas fees of transactions like this can be a lot higher depending on the state of the network, in this situation the liquidator can have bad debt.

With a MIN_COLLATERIZATION_RATIO of 150% if the user deposits 500, he gets 333.33 worth of stable coins. After the VaultManagerV2.sol::burnDyad function happens. The LIQUIDATION_REWARD is 20% which will be around 33 in this situation. When the network becomes highly congested, the price of gas can skyrocket to incredible levels. Which will lead to very high gas prices.

Tools Used

Manual review

Recommended Mitigation Steps

Consider putting a MIN_MINT_VALUE check.

Assessed type

Context