Full liquidation of vault will not be possible when there is a left over margin and the vault recipient is blacklisted. #24
Labels
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
duplicate-42
🤖_27_group
AI based duplicate group recommendation
satisfactory
satisfies C4 submission criteria; eligible for awards
sufficient quality report
This report is of sufficient quality
Lines of code
https://github.com/code-423n4/2024-05-predy/blob/main/src/libraries/logic/LiquidationLogic.sol#L89-L100
Vulnerability details
Impact
Full liquidation of vault will not be possible when there is a left over margin and the vault recipient is blacklisted.
Proof of Concept
At the end of a full liquidation process, any left over margin is sent to the vault recipient.
If the vault recipient is blacklisted by the token contract (for example USDC and USDT), the transfer will revert making the full liquidation of the vault impossible.
This can happen if :
Tools Used
Manual Review
Recommended Mitigation Steps
Add a try/catch to the transfer call when sending the left over margin to the vault recipient.
Assessed type
Other
The text was updated successfully, but these errors were encountered: