Omniscia Kanpeki Finance Audit
Coordinator Manual Review Findings
Coordinator Manual Review Findings
COO-01M: Disjoint Settlement Action
| Type | Severity | Location |
|---|---|---|
| Logical Fault | Minor | Coordinator.sol:L158-L178 |
Description:
The settlement of a forced liquidation is a secondary action that is reliant on the actual liquidation of the collateral that the administrator manages to achieve and can result in a desynchronized totalBorrowed state that can in-turn cause decreaseTokenTotalBorrowed to fail.
Example:
140function decreaseTokenTotalBorrowed (address debtToken, uint256 amount) external override141{142 require(hasRole(UPDATER_ROLE, msg.sender), "!updater");143
144
145 _asset[debtToken].totalBorrowed -= amount;146}147
148
149function increaseTokenCumulativeInterestPaid (address token, uint256 amount) external override150{151 require(hasRole(UPDATER_ROLE, msg.sender), "!updater");152
153
154 _asset[token].cumulativeInterestPaid = _asset[token].cumulativeInterestPaid + amount;155}156
157
158function settleForcedLiquidation (address token, uint256 settledAmount, uint256 settledInterest) external onlyAdmin159{160 _vaultExists(token);161
162
163 Asset memory asset = _asset[token];164
165
166 _asset[token].totalBorrowed = asset.totalBorrowed - settledAmount;167 // increase token cumulative interest paid168 _asset[token].cumulativeInterestPaid = asset.cumulativeInterestPaid + settledInterest;169
170
171 // settled amount: admin -> deposit vault172 IERC20(token).safeTransferFrom(msg.sender, asset.vaults.deposit, settledAmount);173 // settled interest: admin -> interest vault174 IERC20(token).safeTransferFrom(msg.sender, asset.vaults.interest, settledInterest);175
176
177 emit SettleForcedLiquidation(token, settledAmount, settledInterest);178}Recommendation:
We strongly recommend some form of validation to be imposed on the settledAmount to ensure that it is at most equal to the amount of the debt as any amount beyond that would cause the misbehaviour described. Alternatively, we advise the decreaseTokenTotalBorrowed function to reduce the totalBorrowed member by the minimum between totalBorrowed and amount to ensure it is operable at all times as it serves purely for statistical purposes.
Alleviation:
Our latter recommendation was applied whereby decrease total borrowed performs a minimum operation and can be executed under all circumstances.