Dandy Caramel Tortoise - Lack of sequencer uptime check can cause lenders to lose assets in L2 #50

Open
sherlock-admin3 opened this issue Dec 10, 2024 · 0 comments

Dandy Caramel Tortoise

Medium

Lack of sequencer uptime check can cause lenders to lose assets in L2

Summary

Lack of a sequencer uptime check can cause the Dutch auction for collateral to be settled at very low prices, making the lenders lose their assets.

Root Cause

The liquidateDefaultedLoanWithIncentive function performs a Dutch auction in case of defaulted loans:

    function liquidateDefaultedLoanWithIncentive(
        uint256 _bidId,
        int256 _tokenAmountDifference
    ) external whenForwarderNotPaused whenNotPaused bidIsActiveForGroup(_bidId) nonReentrant onlyOracleApprovedAllowEOA {
        // ...

    /**
     * ...
     * @dev As time approaches infinite, the output approaches -1 * AmountDue.
     */
    function getMinimumAmountDifferenceToCloseDefaultedLoan(
        uint256 _amountOwed,
        uint256 _loanDefaultedTimestamp
    ) public view virtual returns (int256 amountDifference_) {
        require(
            _loanDefaultedTimestamp > 0,
            "Loan defaulted timestamp must be greater than zero"
        );
        require(
            block.timestamp > _loanDefaultedTimestamp,
            "Loan defaulted timestamp must be in the past"
        );

        uint256 secondsSinceDefaulted = block.timestamp -
            _loanDefaultedTimestamp;

        // this starts at 764% and falls to -100%
        int256 incentiveMultiplier = int256(86400 - 10000) -
            int256(secondsSinceDefaulted);
        // ...

The team plans to launch on L2s like Arbitrum, Base etc., which can have sequencer outages. If the sequencer is down, liquidations won't happen until the sequencer comes back or the force inclusion delay passes. During this time the auction's price will have decreased significantly, causing the auction to be settled at a very low price and leading to losses for the lenders. Currently the price goes from 8.64x amountDue to 0 in 1 day, so delays of a matter of hours can have a significant impact on the price, considering that the lower range of the price spectrum is the most likely one.

Internal pre-conditions

No response

External pre-conditions

  1. Sequencer outage

Attack Path

No response

Impact

Lenders will lose assets due to an unfair auction.

PoC

No response

Mitigation

Check for sequencer uptime, similar to paused time.
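
One way to implement the uptime check suggested above, as an added sketch that is not the project's own code. It assumes a Chainlink-style L2 sequencer uptime feed (answer 0 = up, 1 = down; startedAt = time of the last status change); the contract name, modifier name, error names, grace period and feed address parameter are all hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Subset of the Chainlink aggregator interface exposed by L2 sequencer uptime feeds.
interface AggregatorV3Interface {
    function latestRoundData()
        external
        view
        returns (
            uint80 roundId,
            int256 answer,
            uint256 startedAt,
            uint256 updatedAt,
            uint80 answeredInRound
        );
}

// Hypothetical mixin (assumption, not part of the audited code base).
abstract contract SequencerUptimeGuard {
    AggregatorV3Interface public immutable sequencerUptimeFeed;

    // Assumed value: time liquidators get to react after the sequencer returns.
    uint256 public constant GRACE_PERIOD = 1 hours;

    error SequencerDown();
    error GracePeriodNotOver();

    // _feed is the uptime feed address for the target L2 (placeholder, supplied at deploy).
    constructor(address _feed) {
        require(_feed != address(0), "uptime feed is zero address");
        sequencerUptimeFeed = AggregatorV3Interface(_feed);
    }

    modifier whenSequencerUp() {
        (, int256 answer, uint256 startedAt, , ) = sequencerUptimeFeed
            .latestRoundData();

        // answer == 1 means the sequencer is down; startedAt == 0 means the
        // feed has no initialised round yet, so treat it as unavailable.
        if (answer != 0 || startedAt == 0) revert SequencerDown();

        // startedAt is when the sequencer last came back up; block
        // liquidations until the grace period has elapsed.
        if (block.timestamp - startedAt <= GRACE_PERIOD) revert GracePeriodNotOver();
        _;
    }
}
```

The guard only rejects liquidations while the feed reports an outage or during the grace period after recovery. Keeping the auction clock from advancing across the outage, as "similar to paused time" suggests, needs additional accounting that the report does not show.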
