User can pay its debt and withdraw its collateral without paying the interest rate. #311
Labels
2 (Med Risk): Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug: Something isn't working
duplicate-583
satisfactory: satisfies C4 submission criteria; eligible for awards
Lines of code
https://github.com/code-423n4/2022-10-inverse/blob/main/src/Market.sol#L531
Vulnerability details
Impact
A user can repay all of his debt and withdraw all his collateral by calling the repayAndWithdraw function with uint withdrawAmount equal to debts[user] as the input parameter, even if he has a deficit of DBR tokens.
Proof of Concept
There is no requirement that a user be free of a DBR deficit in order to withdraw his collateral. It is true that a user who incurs a deficit runs the risk of someone calling forceReplenish on him, but if the user can front-run it, then the user will not need to pay for his DBR deficit.
To test this, I wrote the following test:
Tools Used
Manual review
Recommended Mitigation Steps
Don't allow the user to withdraw the collateral if the user has a deficit of DBR tokens.
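The recommended check, shown on a toy accounting model. This is an added example, not code from the submission or from Market.sol. Apart from the repay-and-withdraw flow and the debts mapping named above, every name, number and the accrual rule (1 DBR owed per unit of debt per year) is a constructed assumption.

```python
class Revert(Exception):
    """Stands in for a Solidity revert."""

class MarketModel:
    # Constructed toy accounting: 1 DBR is owed per unit of debt per year.
    def __init__(self, block_withdraw_on_deficit):
        self.block_withdraw_on_deficit = block_withdraw_on_deficit
        self.debts, self.collateral = {}, {}
        self.dbr_balance, self.dbr_accrued = {}, {}

    def open_position(self, user, collateral, debt, dbr):
        self.collateral[user], self.debts[user] = collateral, debt
        self.dbr_balance[user], self.dbr_accrued[user] = dbr, 0

    def accrue(self, user, years):
        self.dbr_accrued[user] += self.debts[user] * years

    def deficit_of(self, user):
        return max(0, self.dbr_accrued[user] - self.dbr_balance[user])

    def repay(self, user, amount):
        if amount > self.debts[user]:
            raise Revert("repay exceeds debt")
        self.debts[user] -= amount

    def withdraw(self, user, amount):
        # Mitigation from the report: no collateral leaves while DBR is owed.
        if self.block_withdraw_on_deficit and self.deficit_of(user) > 0:
            raise Revert("DBR deficit outstanding")
        # Simplification: collateral is only released once debt is zero.
        if self.debts[user] > 0 or amount > self.collateral[user]:
            raise Revert("collateral locked")
        self.collateral[user] -= amount
        return amount

    def repay_and_withdraw(self, user, repay_amount, withdraw_amount):
        self.repay(user, repay_amount)
        return self.withdraw(user, withdraw_amount)

def exit_with_deficit(block_withdraw_on_deficit):
    """Borrower holds 150 DBR against 100 debt, then 2 years pass (deficit 50)."""
    m = MarketModel(block_withdraw_on_deficit)
    m.open_position("alice", collateral=10, debt=100, dbr=150)
    m.accrue("alice", years=2)
    try:
        withdrawn = m.repay_and_withdraw("alice", 100, 10)
    except Revert as exc:  # on-chain, the revert would also undo the repay
        return ("reverted", str(exc), m.deficit_of("alice"))
    return ("withdrawn", withdrawn, m.deficit_of("alice"))
```

Without the check the position closes with 50 DBR still owed; with it the call reverts until the deficit is covered.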