withdraw() users may can't withdraw underlyingBorrowToken properly #88
Comments
This is a valid bug and the report is good. Fixed in SizeCredit/size-solidity#124
Nice catch!
hansfriese marked the issue as satisfactory
hansfriese marked the issue as primary issue
hansfriese marked the issue as selected for report
code-423n4/2024-06-size-validation#248. I think this submission describes the same issue @hansfriese
@coffiasd
Hi, this issue should be of high severity. The likelihood is very high: imagine a user borrows $1000 and gives $1500 as collateral, so his collateral ratio is now 1.5e18. If the price of ETH drops by just 1 cent (or even less), his borrowed funds will be locked. The impact is high as well.
I still believe Medium is appropriate for the following reasons:
Lines of code
https://github.com/code-423n4/2024-06-size/blob/8850e25fb088898e9cf86f9be1c401ad155bea86/src/Size.sol#L162
Vulnerability details
We can withdraw underlyingCollateralToken and underlyingBorrowToken by withdraw().
From the code above we know that whether we take underlyingCollateralToken or underlyingBorrowToken, it will check validateUserIsNotBelowOpeningLimitBorrowCR() ==> collateralRatio() > openingLimitBorrowCR. This makes sense for taking underlyingCollateralToken, but not for taking underlyingBorrowToken, because underlyingBorrowToken does not affect the collateralRatio. openingLimitBorrowCR is still far from being liquidated, and should not restrict the user from withdrawing the borrowed token.
Impact
If the token is already borrowed, just stored in Size and not yet taken, but due to a slight price fluctuation validateUserIsNotBelowOpeningLimitBorrowCR() fails while the user is still far from being liquidated, the user may not be able to take the borrowed token, resulting in the possibility that the user may not be able to withdraw the borrowed funds.
Recommended Mitigation
Assessed type
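A constructed Python model of the withdraw() check this report describes, added here as an illustration and not taken from Size's own code. It assumes an openingLimitBorrowCR of 1.5e18 and a liquidation CR of 1.3e18 (neither value is on this page), replays the "$1000 borrowed against 1 ETH at $1500, then a 1-cent drop" scenario from the comments, and contrasts the current rule (CR checked on every withdrawal) with the fix of applying the CR check only when collateral leaves the account.

```python
from dataclasses import dataclass, replace

WAD = 10**18  # 18-decimal fixed point, as in the Solidity contract

# Assumed protocol parameters (constructed; the real Size values are not on this page)
OPENING_LIMIT_BORROW_CR = 15 * WAD // 10  # 1.5e18, used by validateUserIsNotBelowOpeningLimitBorrowCR()
LIQUIDATION_CR = 13 * WAD // 10           # 1.3e18, below this the position can be liquidated

@dataclass
class Account:
    collateral: int      # underlyingCollateralToken deposited, WAD units
    debt: int            # USD-denominated debt, WAD
    borrow_balance: int  # borrowed underlyingBorrowToken still held inside Size, WAD

def collateral_ratio(acct: Account, price: int) -> int:
    """collateralRatio(): collateral value / debt in WAD; no debt means no risk."""
    return acct.collateral * price // acct.debt if acct.debt else 2**256 - 1

def withdraw(acct: Account, token: str, amount: int, price: int, *, check_cr_for_borrow_token: bool) -> bool:
    """Model of Size.withdraw(): True on success, False where the contract would revert.
    check_cr_for_borrow_token=True is the reported behaviour, False the proposed fix."""
    if token == "collateral":
        if amount > acct.collateral:
            return False
        new = replace(acct, collateral=acct.collateral - amount)
    else:  # "borrow"
        if amount > acct.borrow_balance:
            return False
        new = replace(acct, borrow_balance=acct.borrow_balance - amount)
    # validateUserIsNotBelowOpeningLimitBorrowCR(): revert when CR < openingLimitBorrowCR.
    # Taking the borrow token never changes the CR, so the fix skips the check for it.
    if (token == "collateral" or check_cr_for_borrow_token) and collateral_ratio(new, price) < OPENING_LIMIT_BORROW_CR:
        return False
    acct.collateral, acct.borrow_balance = new.collateral, new.borrow_balance
    return True

def scenario(price_drop_cents: int) -> dict:
    """Borrow $1000 against 1 ETH at $1500 (CR exactly 1.5e18), let ETH drop by a few cents,
    then try to take the borrowed $1000 out of Size under both rules."""
    price = (150_000 - price_drop_cents) * WAD // 100  # ETH price in USD, WAD
    acct = Account(collateral=1 * WAD, debt=1000 * WAD, borrow_balance=1000 * WAD)
    cr = collateral_ratio(acct, price)
    return {
        "cr": cr,
        "liquidatable": cr < LIQUIDATION_CR,
        "current": withdraw(replace(acct), "borrow", 1000 * WAD, price, check_cr_for_borrow_token=True),
        "fixed": withdraw(replace(acct), "borrow", 1000 * WAD, price, check_cr_for_borrow_token=False),
    }
```

With a 1-cent drop the CR is 1.49999e18, well above the liquidation threshold, yet the current rule refuses the borrow-token withdrawal while the fixed rule allows it; the fixed rule still blocks a collateral withdrawal that would push the CR below the opening limit.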