Skip to content

Latest commit

 

History

History
49 lines (29 loc) · 1.95 KB

080.md

File metadata and controls

49 lines (29 loc) · 1.95 KB

Daring Currant Sealion

High

Omission of Critical Data in fetching in the exchange rate and ETH price in borrowLiquidation.liquidationType1()

Summary

Commenting out uint128 ethPrice when trying to fetch the exchange rate and ETH price in liquidationType1 can lead to inconsistencies in the liquidation process.

Root Cause

When liquidationType1 is used for liquidation, during the workflow, it gets the exchange rate and eth price. which is really useful in the liquidation process. But the issue is that, the actual code doesn't do exactly what the comment above the snippet says.

        // Get the exchange rate and ETH price
        (uint128 exchangeRate /*uint128 ethPrice*/, ) = borrowing.getUSDValue(borrowing.assetAddress(depositDetail.assetName));

As seen, the uint128 ethPrice is commented out, hence only the exchangeRate is fetched.

In CDS.withdraw:301 the ethPrice is fetched

Internal pre-conditions

No response

External pre-conditions

No response

Attack Path

No response

Impact

This omission would lead to the collateral's true value (in USD or another stable unit) may be underestimated or overestimated.

PoC

https://github.com/sherlock-audit/2024-11-autonomint/blob/main/Blockchain/Blockchian/contracts/Core_logic/borrowLiquidation.sol#L186-L187

https://github.com/sherlock-audit/2024-11-autonomint/blob/main/Blockchain/Blockchian/contracts/Core_logic/CDS.sol#L301-L302

Mitigation

The code should be corrected to retrieve and use both the exchange rate and the ETH price to ensure consistent behavior.

(uint128 exchangeRate, uint128 ethPrice) = borrowing.getUSDValue(borrowing.assetAddress(depositDetail.assetName));