Skip to content

Latest commit

 

History

History
60 lines (41 loc) · 2.99 KB

049.md

File metadata and controls

60 lines (41 loc) · 2.99 KB

Obedient Lava Monkey

High

Protocol fee misalignment in collateral liquidation causes treasury losses.

Summary

The liquidationProtocolFee is deducted from the bonus collateral instead of the total collateral, which results in misaligned fee calculations, leading to lower-than-expected protocol fees for the treasury.

Root Cause

In LiquidationLogic.sol (within _calculateAvailableCollateralToLiquidate), the liquidationProtocolFee is calculated using only the bonus collateral (collateralAmount - collateralAmount.percentDiv(liquidationBonus)) instead of the total collateral amount being liquidated. This creates an unintended reduction in fees collected by the protocol.

The liquidationProtocolFee is calculated only on the bonus collateral instead of the total collateral amount being liquidated. The bonus collateral is computed as:

 vars.bonusCollateral =
        vars.collateralAmount -
        vars.collateralAmount.percentDiv(liquidationBonus);

Then, the fee is applied only to this bonus portion:

 vars.liquidationProtocolFee = vars.bonusCollateral.percentMul(
        vars.liquidationProtocolFeePercentage
      );

This approach ignores the base collateral portion (collateralAmount - bonusCollateral), meaning the protocol collects fees on a smaller value than the actual collateral liquidated.

Correct Behavior: The protocol fee should be calculated on the entire collateralAmount, not just the bonus, to align with the expected fee structure.

Internal Pre-conditions

  1. The liquidationBonus is greater than 0, leading to a bonus collateral calculation.
  2. The liquidationProtocolFeePercentage is set to a non-zero value in the reserve configuration.
  3. The protocol fee calculation is applied only to the bonus collateral.

External Pre-conditions

None (assumes trusted dependencies and valid oracle prices).

Attack Path

  1. A liquidator initiates a liquidation for a user holding collateral.
  2. The _calculateAvailableCollateralToLiquidate function applies the liquidationProtocolFee only on the bonus collateral.
  3. The protocol collects less in fees than it should, as the fee is not calculated on the total collateral amount.

Impact

The protocol treasury collects lower fees than expected for liquidations, leading to significant losses over time as the fee structure is misaligned with the total collateral liquidated.

Mitigation

The liquidationProtocolFee should be calculated on the total collateral amount instead of just the bonus collateral. Update the fee calculation in _calculateAvailableCollateralToLiquidate.