Platform: Code4rena
Start Date: 14/07/2022
Pot Size: $25,000 USDC
Total HM: 2
Participants: 63
Period: 3 days
Judge: PierrickGT
Total Solo HM: 1
Id: 147
League: ETH
Rank: 35/63
Findings: 1
Award: $40.44
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: hickuphh3
Also found by: 0x29A, 0x52, 0xNazgul, Chom, Deivitto, ElKu, Funen, IllIllI, Meera, ReyAdmirado, SooYa, TomJ, Trumpero, Waze, __141345__, ak1, asutorufos, c3phas, cRat1st0s, csanuragjain, delfin454000, exd0tpy, fatherOfBlocks, hake, hansfriese, horsefacts, hyh, karanctf, kenzo, kyteg, ladboy233, pashov, peritoflores, rajatbeladiya, rbserver, reassor, rokinot, simon135, wastewa
40.443 USDC - $40.44
https://github.com/code-423n4/2022-07-yield/blob/main/contracts/Witch.sol#L253
When an auction is going on, after it started, the vault might become overcollateralized again, due to liquidators buying early (and not receiving the full amount of collateral), or due to the user supplying collateral to the vault.
In these cases (especially the first one), the vault might become overcollateralized, but the auction would still be going on and bids allowed to be placed.
The only way to cancel an auction is either using the external cancel function or by paying all of the debt.
More collateral would be liquidated than needed to keep the vault's collateralization ratio.
I am not sure if this is intended behavior. But seems like this will hurt the users. The contest readme says about WitchV1 "we have found that liquidations have not been as fair as we would have liked. More often than not, liquidated users have lost all their collateral". Therefore it seems you might want to not liquidate more than necessary.
For liquidators, the auction mechanism gives out less collateral than debt paid at the beginning of the auction:
// inkOut = (artIn / totalArt) * totalInk * (p + (1 - p) * t)
(where t is % of time elapsed)
Therefore, according to the parameters used, a liquidator buying collateral may end up putting the vault over the collateralization ratio.
At that point, the vault is not in a state to be liquidated anymore, but its auction is still ongoing.
Liquidators have no incentive to cancel it, and may just continue bidding, buying more of the user's collateral, making him lose even all of it (according to the auction parameters).
(Additionally, there's a side case where a user might repay his debt, and liquidators can front run his cancel tx to continue liquidating him - but that might be less of an issue as Yield expects users to know what they're doing.)
Revert in payFYToken and payBase if cauldron.level(vaultId) >= 0.
You can even cancel the auction at that stage but that's going the extra mile.
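The scenario and the suggested revert condition above, worked through as an added numerical model (not part of the original submission and not Yield's code). The `Vault` class, its `level()` formula, the `guard` flag, and all numbers are constructed assumptions; only the `inkOut` formula comes from the finding.

```python
from fractions import Fraction as F

class Vault:
    """Constructed toy vault; price and ratio are sample values, not Yield's."""
    def __init__(self, ink, art, price, ratio):
        self.ink, self.art = F(ink), F(art)
        self.price, self.ratio = F(price), F(ratio)

    def level(self):
        # Assumed stand-in for cauldron.level(vaultId): collateral value
        # minus required collateral. level >= 0 means collateralized.
        return self.ink * self.price - self.art * self.ratio

def ink_out(vault, art_in, p, t):
    # inkOut = (artIn / totalArt) * totalInk * (p + (1 - p) * t)
    # Assumption: totalArt/totalInk are the amounts still in the auction.
    return F(art_in) / vault.art * vault.ink * (p + (1 - p) * t)

def pay(vault, art_in, p, t, guard):
    """One bid. With guard=True, apply the suggested revert condition."""
    if guard and vault.level() >= 0:
        raise RuntimeError("vault is collateralized, bid rejected")
    out = ink_out(vault, art_in, p, t)
    vault.art -= art_in
    vault.ink -= out
    return out

def simulate(guard):
    """Run three constructed bids (art_in, t); return final vault and levels."""
    vault = Vault(ink=100, art=100, price="1.4", ratio="1.5")
    p = F(1, 2)  # constructed initial proportion
    levels = [vault.level()]
    for art_in, t in [(40, F(0)), (30, F(1, 2)), (30, F(1))]:
        try:
            pay(vault, art_in, p, t, guard)
        except RuntimeError:
            break  # bid rejected: the vault is healthy again
        levels.append(vault.level())
    return vault, levels

if __name__ == "__main__":
    for guard in (False, True):
        v, levels = simulate(guard)
        print(f"guard={guard}: ink={v.ink} art={v.art} "
              f"levels={[float(x) for x in levels]}")
```

Without the guard, the first bid already lifts the level from -10 to 22, yet the remaining bids go through and the vault ends with no collateral; with the guard, bidding stops after the first bid and the vault keeps 80 ink against 60 art.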
#0 - HickupHH3
2022-07-18T14:32:54Z
I argue for both sides in my QA report - L01: Vaults that are over-collateralised after partial liquidation are possibly subject to further liquidations.
One can say that it is the liquidator's right to continue liquidations as the vault was under-collateralised in the first place, but it could also be seen as a bug.
#1 - alcueca
2022-07-21T10:28:34Z
Duplicate of #40
#2 - PierrickGT
2022-07-28T15:26:17Z
Downgraded to QA Report since this issue is related to a design decision.