DYAD - vahdrak1's results

The first capital efficient overcollateralized stablecoin.

General Information

Platform: Code4rena

Start Date: 18/04/2024

Pot Size: $36,500 USDC

Total HM: 19

Participants: 183

Period: 7 days

Judge: Koolex

Id: 367

League: ETH

Researcher Performance

Rank: 88/183

Findings: 2

Award: $24.59

🌟 Selected for report: 0

🚀 Solo Findings: 0

Awards

7.3026 USDC - $7.30

Labels

bug
3 (High Risk)
satisfactory
sufficient quality report
:robot:_97_group
duplicate-128

External Links

Lines of code

https://github.com/code-423n4/2024-04-dyad/blob/main/src/core/VaultManagerV2.sol#L230

Vulnerability details

Impact

collatRatio = (NonKerosene + Kerosene) / DYAD. During the liquidation process, only non-kerosene will be moved. When kerosene accounts for a very high proportion of mortgage assets, for example, when the mortgage ratio reaches 120%, of which kerosene accounts for 50% and the remaining 70% is non-kerosene collateral, the funds obtained by the liquidation will be less than the payment required for liquidation. Therefore, liquidation will not be initiated, resulting in the creation of bad debts.

Proof of Concept

function collatRatio(
    uint id
  )
    public
    view
    returns (uint) {
      uint _dyad = dyad.mintedDyad(address(this), id);
      if (_dyad == 0) return type(uint).max;
      return getTotalUsdValue(id).divWadDown(_dyad);
  }

function liquidate(
...
      uint numberOfVaults = vaults[id].length();
      for (uint i = 0; i < numberOfVaults; i++) {
          Vault vault      = Vault(vaults[id].at(i));
          uint  collateral = vault.id2asset(id).mulWadUp(liquidationAssetShare);
          vault.move(id, to, collateral);
      }
      emit Liquidate(id, msg.sender, to);
...

Tools Used

Manual review

Liquidators are allowed to move kerosene in liquidation

Assessed type

Other

#0 - c4-pre-sort

2024-04-28T10:20:31Z

JustDravee marked the issue as duplicate of #128

#1 - c4-pre-sort

2024-04-29T09:06:41Z

JustDravee marked the issue as sufficient quality report

#2 - c4-judge

2024-05-11T19:40:09Z

koolexcrypto marked the issue as satisfactory

Awards

17.2908 USDC - $17.29

Labels

bug
2 (Med Risk)
satisfactory
sufficient quality report
edited-by-warden
:robot:_42_group
duplicate-977

External Links

Lines of code

https://github.com/code-423n4/2024-04-dyad/blob/main/src/core/VaultManagerV2.sol#L205

Vulnerability details

Impact

When collatRatio is less than or equal to 100%, according to the calculation formula liquidationEquityShare = (cappedCr - 1e18).mulWadDown(LIQUIDATION_REWARD), the liquidation reward is 0, and no liquidator will liquidate this non-performing asset.

Proof of Concept

function liquidate(
    uint id,
    uint to
  ) 
    external 
      isValidDNft(id)
      isValidDNft(to)
    {
      uint cr = collatRatio(id);
      if (cr >= MIN_COLLATERIZATION_RATIO) revert CrTooHigh();
      dyad.burn(id, msg.sender, dyad.mintedDyad(address(this), id));

      uint cappedCr               = cr < 1e18 ? 1e18 : cr;
      uint liquidationEquityShare = (cappedCr - 1e18).mulWadDown(LIQUIDATION_REWARD); 
      uint liquidationAssetShare  = (liquidationEquityShare + 1e18).divWadDown(cappedCr);

      uint numberOfVaults = vaults[id].length();
      for (uint i = 0; i < numberOfVaults; i++) {
          Vault vault      = Vault(vaults[id].at(i));
          uint  collateral = vault.id2asset(id).mulWadUp(liquidationAssetShare);
          vault.move(id, to, collateral);
      }
      emit Liquidate(id, msg.sender, to);
  }

Tools Used

Manual review

Add the function of automatic liquidation when collatRatio is less than or equal to 100%

Assessed type

Other

#0 - c4-pre-sort

2024-04-29T08:08:06Z

JustDravee marked the issue as duplicate of #977

#1 - c4-pre-sort

2024-04-29T09:23:23Z

JustDravee marked the issue as sufficient quality report

#2 - c4-judge

2024-05-04T09:44:04Z

koolexcrypto changed the severity to QA (Quality Assurance)

#3 - c4-judge

2024-05-12T09:23:56Z

koolexcrypto marked the issue as unsatisfactory: Invalid

#4 - c4-judge

2024-05-12T09:44:55Z

koolexcrypto marked the issue as grade-c

#5 - c4-judge

2024-05-28T16:20:19Z

This previously downgraded issue has been upgraded by koolexcrypto

#6 - c4-judge

2024-05-28T16:21:32Z

koolexcrypto marked the issue as satisfactory
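The share arithmetic behind both findings above (the 120% position that is half kerosene, and a position at or below 100%), replayed off-chain as an added example that is not part of the warden's submissions or the DYAD code base. Assumptions: LIQUIDATION_REWARD is taken as 20% because the page does not give its value, collateral is modelled as one wad-scaled USD total per collateral type rather than per-vault asset amounts, and gas costs are ignored.

```python
from typing import NamedTuple

WAD = 10**18
# Assumed value (20%); the page names LIQUIDATION_REWARD but does not show its value.
LIQUIDATION_REWARD = 2 * 10**17

def mul_wad_down(x: int, y: int) -> int:
    return x * y // WAD

def mul_wad_up(x: int, y: int) -> int:
    return (x * y + WAD - 1) // WAD

def div_wad_down(x: int, y: int) -> int:
    return x * WAD // y

class Outcome(NamedTuple):
    cr: int            # collateral ratio, wad-scaled
    equity_share: int  # liquidationEquityShare
    asset_share: int   # liquidationAssetShare
    received: int      # USD value moved to the liquidator
    profit: int        # received minus the DYAD the liquidator burns

def liquidation_outcome(non_kerosene: int, kerosene: int, debt: int,
                        move_kerosene: bool = False) -> Outcome:
    """Replay liquidate()'s share math; all inputs are wad-scaled USD values."""
    cr = div_wad_down(non_kerosene + kerosene, debt)
    capped_cr = max(cr, WAD)
    equity_share = mul_wad_down(capped_cr - WAD, LIQUIDATION_REWARD)
    asset_share = div_wad_down(equity_share + WAD, capped_cr)
    received = mul_wad_up(non_kerosene, asset_share)
    if move_kerosene:  # the mitigation suggested in the first finding
        received += mul_wad_up(kerosene, asset_share)
    # The liquidator burns the position's full DYAD debt to obtain the collateral.
    return Outcome(cr, equity_share, asset_share, received, received - debt)

if __name__ == "__main__":
    # Constructed sample positions, each with 100 DYAD of debt.
    cases = {
        "CR 120%, 70 non-kerosene + 50 kerosene": (70 * WAD, 50 * WAD, False),
        "same position, kerosene also moved": (70 * WAD, 50 * WAD, True),
        "CR 90%, no kerosene": (90 * WAD, 0, False),
        "CR 140%, no kerosene": (140 * WAD, 0, False),
    }
    for name, (nk, k, move) in cases.items():
        o = liquidation_outcome(nk, k, 100 * WAD, move)
        print(f"{name}: received {o.received / WAD:.2f}, profit {o.profit / WAD:+.2f}")
```

A negative profit means a rational liquidator has no reason to call liquidate() on that position, which is the bad-debt condition both reports describe.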
