Platform: Code4rena
Start Date: 04/03/2024
Pot Size: $88,500 USDC
Total HM: 31
Participants: 105
Period: 11 days
Judge: ronnyx2017
Total Solo HM: 7
Id: 342
League: ETH
Rank: 105/105
Findings: 1
Award: $3.35
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: kfx
Also found by: 0x175, 0xAlix2, 0xjuan, AMOW, Aymen0909, CaeraDenoir, Giorgio, JCN, JecikPo, JohnSmith, Norah, SpicyMeatball, alexander_orjustalex, atoko, erosjohn, falconhoof, givn, grearlake, jnforja, kinda_very_good, lanrebayode77, nmirchev8, shaka, web3Tycoon, zxriptor
3.3501 USDC - $3.35
When a liquidator calls Liquidate with the params containing the tokenId. The owner of the tokenId will see the transaction in the mempool and frontrun by calling repay with a small digit lets say 1%, and since the minimum amount is 0, will cause the liquidator transaction to fail because debtShares should be equal to params.debtShares.
if (debtShares != params.debtShares) { revert DebtChanged(); }
tokenIdowner sees the transaction pending in the mempool.Owner calls repay with a minimum amount above 0.debtShares happened which will not be equal to the params.debtSharesmanual Review
Refactor the code such as when liquidate is called on a tokenId, that should be liquidate. It locks the user to avoid to redeem his position.
MEV
#0 - c4-pre-sort
2024-03-18T18:14:03Z
0xEVom marked the issue as sufficient quality report
#1 - c4-pre-sort
2024-03-18T18:15:07Z
0xEVom marked the issue as duplicate of #231
#2 - c4-pre-sort
2024-03-22T12:02:38Z
0xEVom marked the issue as duplicate of #222
#3 - c4-judge
2024-03-31T14:47:30Z
jhsagd76 changed the severity to 2 (Med Risk)
#4 - c4-judge
2024-03-31T14:47:45Z
jhsagd76 marked the issue as satisfactory