Skip to content
This repository has been archived by the owner on May 26, 2023. It is now read-only.

0x52 - Outstanding loans cannot be closed or liquidated if collateral is paused #57

Open
github-actions bot opened this issue Dec 11, 2022 · 2 comments
Open

0x52 - Outstanding loans cannot be closed or liquidated if collateral is paused #57

github-actions bot opened this issue Dec 11, 2022 · 2 comments
Labels
Has Duplicates High Reward Sponsor Confirmed Will Fix

Comments

@github-actions
Copy link

0x52

high

Outstanding loans cannot be closed or liquidated if collateral is paused

Summary

When a collateral is paused by governance, collateralValid is set to false. This causes closing and liquidating of loans to be impossible, leading to two issues. The first is that users with exist loans are unable to close their loans to recover their collateral. The second is that since debt is impossible to liquidate the protocol could end up being stuck with a lot of bad debt.

Vulnerability Detail

function pauseCollateralType(
    address _collateralAddress,
    bytes32 _currencyKey
    ) external collateralExists(_collateralAddress) onlyAdmin {
    require(_collateralAddress != address(0)); //this should get caught by the collateralExists check but just to be careful
    //checks two inputs to help prevent input mistakes
    require( _currencyKey == collateralProps[_collateralAddress].currencyKey, "Mismatched data");
    collateralValid[_collateralAddress] = false;
    collateralPaused[_collateralAddress] = true;
}

When a collateral is paused collateralValid[_collateralAddress] is set to false. For Vault_Lyra Vault_Synths and Vault_Velo this will cause closeLoan and callLiquidation to revert. This traps existing users and prevents liquidations which will result in bad debt for the protocol

Impact

Outstanding loans cannot be closed or liquidated, freezing user funds and causing the protocol to take on bad debt

Code Snippet

https://github.com/sherlock-audit/2022-11-isomorph/blob/main/contracts/Isomorph/contracts/CollateralBook.sol#L185-L195

Tool used

Manual Review

Recommendation

Allow liquidations and loan closure when collateral is paused
@github-actions github-actions bot added the High label Dec 11, 2022
@kree-dotcom kree-dotcom mentioned this issue Dec 12, 2022
Closed
@hrishibhat hrishibhat mentioned this issue Dec 15, 2022
Open
@kree-dotcom
Copy link

kree-dotcom commented Dec 18, 2022
edited
Loading

Fixed. kree-dotcom/isomorph@9fef842

By decoupling the switching of the CollateralValid mapping in the CollateralBook.sol from CollateralPaused we can now introduce an additional check in OpenLoan() of require(!collateralBook.collateralPaused(_collateralAddress), "Paused collateral!");
This means increaseCollateralAmount(), closeLoan() and callLiquidation() can all occur for paused collaterals.

@IAm0x52
Copy link
Collaborator

IAm0x52 commented Jan 7, 2023

Fixes look good. Pausing collateral no longer marks the collateral as invalid, allowing vault actions to be carried out when collateral is paused. OpenLoan now reverts if collateral is paused.

@sherlock-admin sherlock-admin mentioned this issue Apr 30, 2023
Closed
@0xffff11 0xffff11 mentioned this issue Jun 20, 2023
Closed
@c4-bot-10 c4-bot-10 mentioned this issue Jul 2, 2024
Closed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
Has Duplicates High Reward Sponsor Confirmed Will Fix
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@kree-dotcom @sherlock-admin @IAm0x52