Platform: Code4rena
Start Date: 17/02/2022
Pot Size: $75,000 USDC
Total HM: 20
Participants: 39
Period: 7 days
Judges: moose-code, JasoonS
Total Solo HM: 13
Id: 89
League: ETH
Rank: 13/39
Findings: 2
Award: $1,684.71
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: kirk-baird
Also found by: itsmeSTYJ
https://github.com/code-423n4/2022-02-hubble/blob/main/contracts/InsuranceFund.sol#L71-L85 https://github.com/code-423n4/2022-02-hubble/blob/main/contracts/MarginAccount.sol#L352-L382
If pendingObligations are 0, it is possible to frontrun seizeBadDebt (which is called via MarginAccount.settleBadDebt). This allows a LP for the insurance fund to receive the benefits of providing liquidity to the insurance fund without incurring any “loss” whenever bad debts are created. These “loss” are instead pushed onto the other LPs i.e. they are incuring more “loss” than they should.
When someone tries to call MarginAccount.settleBadDebt and InsuranceFund.pendingObligations are 0, you can frontrun this user and call InsuranceFund.withdraw to withdraw your LP before their transaction gets mined. After their transaction is mined, you can call InsuranceFund.deposit to put your LP back into the insurance fund to continue reaping the rewards.
#0 - atvanguard
2022-02-24T07:25:08Z
Duplicate of #59
🌟 Selected for report: defsec
Also found by: 0v3rf10w, 0x0x0x, 0x1f8b, 0xwags, CertoraInc, Dravee, IllIllI, Meta0xNull, Nikolay, Omik, WatchPug, bobi, cccz, csanuragjain, danb, gzeon, hubble, hyh, itsmeSTYJ, jayjonah8, kenta, kirk-baird, leastwood, pauliax, peritoflores, rfa, robee, sorrynotsorry, ye0lde
431.226 USDC - $431.23
The syncDeps function exists in the AMM, InsuranceFund and MarginAccount contracts as a helper function to sync the shared contract addresses between the Registry contract. It does not however ensure that all contracts are actually in synced i.e. if the Registry contract changes, there are no checks to ensure that the addresses are still in sync.
https://github.com/code-423n4/2022-02-hubble/blob/main/contracts/VUSD.sol#L62-L64
Update internal state before transferring tokens out.
https://github.com/code-423n4/2022-02-hubble/blob/main/contracts/MarginAccount.sol#L548
Be mindful when adding collateral as some token implementations e.g. rebase tokens are not handled by the smart contract.
_getLiquidationInfohttps://github.com/code-423n4/2022-02-hubble/blob/main/contracts/MarginAccount.sol#L458
_getLiquidationInfo doesn’t actually revert. It is the parent liquidation function that reverts if it receives a LiquidationStatus that is not IS_LIQUIDATABLE.
In the event ETH / tokens are mistakenly sent to the contracts, it is possible to withdraw them through a rescueToken or rescueETH function. This function can only be called by governance.