SolidityATL - Vulnerable unpause logic flow lead to unfair forced liquidations #168
Comments
github-actions
bot
added
Medium
|
This can be considered as an un-mandatory "idea for improvement", but I think that the risk is there so this is a reasonable submission, and if I recall correctly, was accepted by Sherlock judges in the past. |
arjun-io
added
Sponsor Confirmed
|
By introducing a time delay to allow traders to optionally increase their collateral to meet maintenance requirements the Product runs the risk of going into further shortfall if the traders opt to not increase their margin. The fairest option for both liquidators and other traders in the protocol is to require that traders are paying attention and self-liquidate (to retain the fee) if they so chose. |
|
As per previous comments, while the issue is not unworthy in my opinion, considering it more of a design choice than a proper problem. Closing. |
sherlock-admin
added
Non-Reward
sherlock-admin
added
Reward
SolidityATL
medium
Vulnerable unpause logic flow lead to unfair forced liquidations
Summary
Before pausing a protocol a position can be in good health.Once the protocol is paused that position cannot be updated. After resuming a pause, the position can immediately be liquidated if the positions falls below maintenance after settlement. This doesn't give the borrower a fair advantage to keep their collateral above
maintenance.
Vulnerability Detail
Impact
Borrowers are liquidated without given the chance to credit their account to keep a healthy maintenance level on their open positions
Code Snippet
https://github.com/sherlock-audit/2023-05-perennial/blob/main/perennial-mono/packages/perennial/contracts/collateral/Collateral.sol#L108-L135
Tool used
Manual Review
Recommendation
The recommendation is to incorporate a threshold period (ie. 3hrs) so borrowers can update their positions to a healthy level after the protocol is unpaused.
Duplicate of #190
The text was updated successfully, but these errors were encountered: