Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fast Pink Crow - Users should not be able to liquidate themselves when there are bad debt on their positions #199

Open
sherlock-admin3 opened this issue Jan 22, 2025 · 0 comments
Open

Fast Pink Crow - Users should not be able to liquidate themselves when there are bad debt on their positions #199

sherlock-admin3 opened this issue Jan 22, 2025 · 0 comments

Comments

@sherlock-admin3
Copy link

Fast Pink Crow

Medium

Users should not be able to liquidate themselves when there are bad debt on their positions

Summary

When users are liquidated due to bad debt, the entire debt will be removed, and their entire collateral will be taken away. However, if the user is the liquidator, they will retain some collateral while the entire debt is still removed.

Root Cause

When a user acts as the liquidator and there is bad debt in the overall positions, the entire collateral will be utilized to remove the bad debt across all other borrowed assets if the collateral is fully used. However, if the user chooses to liquidate their own position, the liquidator bonus is added, allowing the user to extract some value from their underwater position.

In this check, it is verified whether the entire collateral is used. However, if the user is the liquidator, they retain some collateral from the liquidation bonus. This is inconsistent with the assumption that no collateral remains after liquidation.
https://github.com/sherlock-audit/2025-01-aave-v3-3/blob/8da00c84076db02af24bfe20cc6b99e6738f743f/aave-v3-origin/src/contracts/protocol/libraries/logic/LiquidationLogic.sol#L408-L410

Internal Pre-conditions

  1. Account is liquidatable such that the entire collateral will be used and all the debts will be removed
  2. User liquidates themselves

External Pre-conditions

None needed

Attack Path

No attack path, can happen if above conditions are met.

Impact

Theoretically user will have some collateral but the entire debts are removed. Not 100% consistent with the code assumptions.

PoC

none needed.

Mitigation

if the entire debt is removed and user has no collateral, then don't let the liquidator be the user getting liquidated.

if (hasNoCollateralLeft && userConfig.isBorrowingAny()) {
+      require(msg.sender != params.user);
      _burnBadDebt(reservesData, reservesList, userConfig, params.reservesCount, params.user);
    }
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@sherlock-admin3