Skip to content

Latest commit

 

History

History
45 lines (30 loc) · 2.09 KB

046.md

File metadata and controls

45 lines (30 loc) · 2.09 KB

Obedient Lava Monkey

Medium

Incorrect handling of liquidationProtocolFee can lead to protocol fee miscalculation or loss.

Summary

The calculation of liquidationProtocolFee in _calculateAvailableCollateralToLiquidate incorrectly deducts the fee from the collateralAmount before returning, which may lead to a mismatch in the total collateral liquidated versus what is credited to the liquidator and the protocol.

Root Cause

In LiquidationLogic.sol (within _calculateAvailableCollateralToLiquidate), the liquidationProtocolFee is subtracted from the collateralAmount without ensuring proper separation of the liquidator's and protocol's shares. This can result in:

  1. Liquidators receiving less collateral than expected.
  2. The protocol's fee being double-counted or inaccurately applied.

Internal Pre-conditions

  1. A liquidation occurs where the liquidationProtocolFeePercentage is non-zero.
  2. The calculated liquidationProtocolFee is deducted from the total collateralAmount.

External Pre-conditions

None (assumes trusted dependencies).

Attack Path

  1. A liquidator calls the liquidation function.
  2. The _calculateAvailableCollateralToLiquidate function deducts the liquidationProtocolFee from collateralAmount.
  3. The returned collateralAmount excludes the protocol's fee, causing:
    • A mismatch in expected collateral transfer to the liquidator.
    • Potential double deduction of the protocol fee if the function consuming this logic also accounts for the fee separately.

Impact

The protocol may lose fees, or liquidators may receive less collateral than expected, reducing their incentive to participate in liquidation. This could destabilize the protocol's liquidation process and treasury balance.

Mitigation

Separate the collateralAmount and liquidationProtocolFee in the return values and ensure they are handled independently downstream.