Skip to content
This repository has been archived by the owner on May 26, 2023. It is now read-only.

Jeiwan - Liquidations are enabled when repayments are disabled, causing borrowers to lose funds without a chance to repay #290

Open
github-actions bot opened this issue Mar 1, 2023 · 0 comments
Open

Jeiwan - Liquidations are enabled when repayments are disabled, causing borrowers to lose funds without a chance to repay #290

github-actions bot opened this issue Mar 1, 2023 · 0 comments
Labels
Has Duplicates A valid issue with 1+ other issues describing the same vulnerability Medium A valid Medium severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed

Comments

@github-actions
Copy link

github-actions bot commented Mar 1, 2023

Jeiwan

high

Liquidations are enabled when repayments are disabled, causing borrowers to lose funds without a chance to repay

Summary

Debt repaying can be temporary disabled by the admin of BlueBerryBank, however liquidations are not disabled during this period. As a result, users' positions can accumulate more borrow interest, go above the liquidation threshold, and be liquidated, while users aren't able to repay the debts.

Vulnerability Detail

The owner of BlueBerryBank can disable different functions of the contract, including repayments. However, while repayments are disabled liquidations are still allowed. As a result, when repayments are disabled, liquidator can liquidate any position, and borrowers won't be able to protect against that by repaying their debts. Thus, borrowers will be forced to lose their collateral.

Impact

Positions will be forced to liquidations while their owners won't be able to repay debts to avoid liquidations.

Code Snippet

BlueBerryBank.sol#L740

Tool used

Manual Review

Recommendation

Consider disallowing liquidations when repayments are disabled. Alternatively, consider never disallowing repayments so that users could maintain their positions in a healthy risk range anytime.
@github-actions github-actions bot added the High A valid High severity issue label Mar 1, 2023
@Gornutz Gornutz added Medium A valid Medium severity issue Will Fix The sponsor confirmed this issue will be fixed Sponsor Confirmed The sponsor acknowledged this issue is valid labels Mar 8, 2023
@hrishibhat hrishibhat removed the High A valid High severity issue label Mar 16, 2023
@sherlock-admin sherlock-admin added the Reward A payout will be made for this issue label Mar 19, 2023
@rvierdiiev rvierdiiev mentioned this issue Mar 20, 2023
Closed
@Nyksxx Nyksxx mentioned this issue Mar 20, 2023
Closed
@sherlock-admin sherlock-admin added the Has Duplicates A valid issue with 1+ other issues describing the same vulnerability label Mar 29, 2023
This was referenced Apr 30, 2023
Closed
Closed
Open
@KenzoAgada KenzoAgada mentioned this issue Jul 1, 2023
Open
@sherlock-admin sherlock-admin mentioned this issue Jul 5, 2023
Closed
@Nabeel-javaid Nabeel-javaid mentioned this issue Jul 21, 2023
Closed
@akshaysrivastav akshaysrivastav mentioned this issue Jul 27, 2023
Open
@kosedogus kosedogus mentioned this issue Jul 29, 2023
Closed
@code423n4 code423n4 mentioned this issue Aug 4, 2023
Closed
@sherlock-admin sherlock-admin mentioned this issue Oct 28, 2023
Closed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
Has Duplicates A valid issue with 1+ other issues describing the same vulnerability Medium A valid Medium severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@hrishibhat @Gornutz @sherlock-admin