Skip to content

Latest commit

 

History

History
50 lines (34 loc) · 3.28 KB

037.md

File metadata and controls

50 lines (34 loc) · 3.28 KB

Glamorous Plum Baboon

High

The Case of the Miscalculated Collateral in _calculateAvailableCollateralToLiquidate

Summary:

The method _calculateAvailableCollateralToLiquidate incorrectly calculates the collateral that can be liquidated. This can lead to mismanagement of liquidations, especially when the user has minimal collateral or rounding errors occur with large numbers.

Description:

The function _calculateAvailableCollateralToLiquidate is intended to determine how much collateral can be liquidated for a user based on their position and collateral ratio. However, the current formula fails in certain edge cases:

  • If a user has minimal collateral, the calculation may understate or overstate the available collateral.
  • Large numbers may lead to rounding issues, especially when the collateral value has many decimal points. This failure results in incorrect liquidation decisions, which can either prevent liquidation when necessary or cause excess liquidation, both of which undermine the system’s integrity.

Root Cause:

The root cause of this issue lies in the formula used within _calculateAvailableCollateralToLiquidate. It does not adequately handle edge cases where:

  1. The user has a very small amount of collateral left after other transactions.
  2. Large numbers are involved, leading to rounding errors that cause the collateral to be inaccurately calculated.

https://github.com/sherlock-audit/2025-01-aave-v3-3/blob/main/aave-v3-origin/src/contracts/protocol/libraries/logic/LiquidationLogic.sol#L628-L679

Impact:

1, Excessive liquidation of collateral that the user did not intend to lose. 2, Failure to liquidate when the collateral ratio exceeds the required threshold, causing a financial imbalance and increasing the protocol's risk. 3, Loss of funds for users, which could lead to a loss of trust and reputation for the platform or protocol.

Proof of Concept (PoC):

To illustrate the issue, consider the following scenario:

  1. A user has 0.000001 ETH as collateral with a debt of 0.01 ETH.
  2. The method _calculateAvailableCollateralToLiquidate is executed, but due to rounding errors, the collateral is either inaccurately underestimated or overestimated.
  3. As a result, either the collateral isn't liquidated when it should be, or too much collateral is liquidated, causing unnecessary losses.

Mitigation:

  1. Refactor the Calculation Formula:

    • Review and revise the formula used in _calculateAvailableCollateralToLiquidate to handle small collateral values and large numbers more accurately.
    • Implement safeguards against rounding errors, such as rounding to a fixed decimal place after calculations.

  2. Introduce Edge Case Handling:

    • Add specific checks to handle edge cases such as small collateral values and large numbers.
    • For minimal collateral, ensure that the available collateral is never underestimated, and any fractional collateral amounts are handled precisely.

  3. Unit Testing and Simulation:

    • Create unit tests that simulate a variety of edge cases, including small collateral amounts and high-value transactions, to ensure the function performs as expected under all conditions.
    • Run stress tests to verify the stability of the collateral calculation during high-volume transactions.