046.md

Low Tangerine Cod

Medium

Users can renew their position after liquidation period

Summary

Incorrect time validation in getOptionFeesToPay

Root Cause

Let's assume liquidation is implemented for expired positions in the protocol, which it currently is not. Users will be able to avoid being liquidated by calling renewOptions AFTER their position has expired.

The check guarding IBorrowing.Borrow_DeadlinePassed is incorrect and never validates the time correctly: no time can satisfy both time < optionsRenewedTimeStamp + 15 days && time > optionsRenewedTimeStamp + 30 days, so the revert is never reached.

    function getOptionFeesToPay(
        ITreasury treasury,
        uint64 index
    ) public view returns (uint256) {
...
            // check the user is eligible to renew position
->            if (
                block.timestamp <
                depositDetail.optionsRenewedTimeStamp + 15 days &&
                block.timestamp >
                depositDetail.optionsRenewedTimeStamp + 30 days
            ) revert IBorrowing.Borrow_DeadlinePassed();

Blockchian/contracts/lib/BorrowLib.sol#L448
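The following is an added example, not code from the audited repository: a Python model of the guard as written above and of the single-bound condition from the Mitigation section, probed around every day boundary to find the first timestamp at which each one reverts. `RENEWED` is a constructed sample timestamp, and the function names are hypothetical.

```python
# Added example: models the renewal guard from getOptionFeesToPay in plain Python.
DAY = 24 * 60 * 60  # Solidity's `1 days`, in seconds


def original_guard_reverts(now: int, renewed: int) -> bool:
    """Condition as written on the page: both comparisons joined with &&."""
    return now < renewed + 15 * DAY and now > renewed + 30 * DAY


def patched_guard_reverts(now: int, renewed: int) -> bool:
    """Condition from the Mitigation section: only the 30-day upper bound."""
    return now > renewed + 30 * DAY


def probe_offsets(horizon_days: int):
    """Yield offsets one second before, at, and after each day boundary.

    Both guards can only change their result at a day boundary, so these
    probes cover every distinct outcome up to the horizon.
    """
    for day in range(horizon_days + 1):
        for delta in (-1, 0, 1):
            offset = day * DAY + delta
            if offset >= 0:
                yield offset


def first_revert_offset(guard, renewed: int, horizon_days: int = 60):
    """Smallest probed offset (seconds after `renewed`) where `guard` reverts, else None."""
    for offset in probe_offsets(horizon_days):
        if guard(renewed + offset, renewed):
            return offset
    return None


RENEWED = 1_700_000_000  # constructed sample value for optionsRenewedTimeStamp

if __name__ == "__main__":
    for name, guard in (("original", original_guard_reverts),
                        ("patched", patched_guard_reverts)):
        print(name, "first revert offset:", first_revert_offset(guard, RENEWED))
```
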

Internal pre-conditions

No response

External pre-conditions

No response

Attack Path

The user calls renewOptions after their position has expired.

Impact

The user can avoid being liquidated.

PoC

No response

Mitigation

According to the docs and the comment in that function below, the user should be able to call it at any time < 30 days

-            if (
-                block.timestamp <
-                depositDetail.optionsRenewedTimeStamp + 15 days &&
-                block.timestamp >
-                depositDetail.optionsRenewedTimeStamp + 30 days
-            ) revert IBorrowing.Borrow_DeadlinePassed();

+            if ( block.timestamp > depositDetail.optionsRenewedTimeStamp + 30 days
+            ) revert IBorrowing.Borrow_DeadlinePassed();
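Review bot: the replacement condition on the first added line uses a strict `>`, so a call at exactly optionsRenewedTimeStamp + 30 days does not revert, while the sentence above the diff gives the allowed window as any time < 30 days. If the 30-day mark itself is meant to fall outside the window, use `>=`; either way, state the intended boundary in a comment and add a test that calls the function just before, at, and just after the 30-day mark. Since the 15-day comparison is removed, the existing comment "check the user is eligible to renew position" would also be clearer if it named the 30-day limit.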