Buying out corrupts the slope of a vault, reducing rewards of LPs #477
Labels
3 (High Risk): Assets can be stolen/lost/compromised directly
bug: Something isn't working
H-06
primary issue: Highest quality submission among a set of duplicates
satisfactory: satisfies C4 submission criteria; eligible for awards
selected for report: This submission will be included/highlighted in the audit report
Comments
code423n4 added the 3 (High Risk) (Assets can be stolen/lost/compromised directly) and bug (Something isn't working) labels on Jan 19, 2023
Picodes marked the issue as duplicate of #366
Picodes marked the issue as satisfactory
c4-judge added the satisfactory (satisfies C4 submission criteria; eligible for awards) label on Feb 15, 2023
c4-judge added the primary issue (Highest quality submission among a set of duplicates) and selected for report (This submission will be included/highlighted in the audit report) labels on Feb 15, 2023
Picodes marked the issue as selected for report
c4-judge added the downgraded by judge (Judge downgraded the risk level of this issue) and QA (Quality Assurance) (Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax) labels and removed the 3 (High Risk) (Assets can be stolen/lost/compromised directly) label on Feb 23, 2023
Picodes changed the severity to QA (Quality Assurance)
c4-judge added the 3 (High Risk) (Assets can be stolen/lost/compromised directly) label and removed the downgraded by judge (Judge downgraded the risk level of this issue) and QA (Quality Assurance) (Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax) labels on Feb 24, 2023
This previously downgraded issue has been upgraded by Picodes
This was referenced Feb 24, 2023
Lines of code
https://github.com/code-423n4/2023-01-astaria/blob/1bfc58b42109b839528ab1c21dc9803d663df898/src/LienToken.sol#L189
https://github.com/code-423n4/2023-01-astaria/blob/1bfc58b42109b839528ab1c21dc9803d663df898/src/PublicVault.sol#L627-L628
Vulnerability details
Impact
After a buyout, the slope of a vault won't be increased. As a result, liquidity providers will lose rewards for providing liquidity to borrowers, and the borrower will not pay interest for the lien that was bought out.
Proof of Concept
Buyout is an important refinancing mechanism that allows borrowers to apply new terms (e.g. a changed loan rate and/or duration) to their loans. The implementation of the mechanism allows a borrower to repay the owed amount for a lien, burn the lien, and create a new lien. When burning and creating liens it's important to update the slope of a vault: the slope is the total interest accrued by vaults. However, during a buyout the slope of the vault where a new lien is created is not increased:
Since, during a buyout, a lien with a different interest rate may be created (due to changed loan terms), the slope of the vault must be updated correctly:
If the slope of the new lien is not added to the total slope of the vault, then the lien doesn't generate interest, which means the borrower doesn't need to pay interest for taking the loan and liquidity providers won't be rewarded for providing funds to the borrower.
The following PoC demonstrates that the slope of a vault is 0 after the only existing lien was bought out:
Tools Used
Manual review
Recommended Mitigation Steps
Consider increasing the slope of a public vault after a buyout, similarly to how it's done after a new commitment.
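The accounting failure the report describes can be checked with a small model of the vault's slope bookkeeping. The following is an added, constructed example and not Astaria code: the `Lien`, `Vault`, rate scale and terms are all assumptions, and the only thing it takes from the report is that a vault's slope should equal the sum of its active liens' per-second interest, that a new commitment increases it, and that a buyout burns one lien and creates another without adding the new lien's slope back (the report's PoC shows the slope ending at 0, so the old lien's contribution is assumed to be removed). `slope_invariant_holds` is the check a test suite would assert after every lien lifecycle event.

```python
"""Toy model of vault slope accounting around a lien buyout (constructed example)."""
from dataclasses import dataclass, field

WAD = 10**18  # fixed-point scale assumed for interest rates


@dataclass
class Lien:
    lien_id: int
    amount: int  # principal, in wei
    rate: int    # interest per second per wei, WAD-scaled

    @property
    def slope(self) -> int:
        # per-second interest this lien contributes to its vault
        return self.amount * self.rate // WAD


@dataclass
class Vault:
    slope: int = 0                        # what the contract tracks
    liens: dict = field(default_factory=dict)
    last_ts: int = 0
    accrued: int = 0                      # interest earned by LPs so far

    def _accrue(self, now: int) -> None:
        # interest grows linearly with the tracked slope
        self.accrued += self.slope * (now - self.last_ts)
        self.last_ts = now

    def expected_slope(self) -> int:
        # ground truth: sum of the active liens' slopes
        return sum(lien.slope for lien in self.liens.values())

    def commit(self, lien: Lien, now: int) -> None:
        # new commitment: the report says the slope is increased here
        self._accrue(now)
        self.liens[lien.lien_id] = lien
        self.slope += lien.slope

    def buyout(self, old_id: int, new_lien: Lien, now: int, fixed: bool) -> None:
        self._accrue(now)
        old = self.liens.pop(old_id)
        self.slope -= old.slope           # burning the old lien removes its slope
        self.liens[new_lien.lien_id] = new_lien
        if fixed:
            self.slope += new_lien.slope  # the step the report says is missing


def slope_invariant_holds(vault: Vault) -> bool:
    """Tracked slope must match the sum over active liens."""
    return vault.slope == vault.expected_slope()


def run_buyout_scenario(fixed: bool) -> dict:
    """Commit one lien, buy it out with new terms at t=100, accrue until t=200."""
    vault = Vault()
    old = Lien(lien_id=1, amount=1000 * WAD, rate=10**15)      # constructed terms
    vault.commit(old, now=0)
    new = Lien(lien_id=2, amount=1000 * WAD, rate=2 * 10**15)  # refinanced at twice the rate
    vault.buyout(old_id=1, new_lien=new, now=100, fixed=fixed)
    vault._accrue(now=200)
    return {
        "slope": vault.slope,
        "expected_slope": vault.expected_slope(),
        "accrued": vault.accrued,
        "invariant_ok": slope_invariant_holds(vault),
    }


if __name__ == "__main__":
    for fixed in (False, True):
        print("fixed" if fixed else "buggy", run_buyout_scenario(fixed))
```

In the buggy run the tracked slope is 0 after the buyout while one lien with a non-zero rate is still active, so no interest accrues for the remaining 100 seconds; with the slope re-added the vault accrues the new lien's interest and the invariant holds. Asserting `slope_invariant_holds` after every commit, repayment and buyout in the test suite is the cheapest way to catch this class of bookkeeping drift.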