From 9916947949d3a50762fc8b15a6632423723d0bc3 Mon Sep 17 00:00:00 2001 From: The-3D Date: Mon, 8 Aug 2022 17:34:42 +0200 Subject: [PATCH 1/3] fix: liquidationCall reentrancy --- .../libraries/logic/LiquidationLogic.sol | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/contracts/protocol/libraries/logic/LiquidationLogic.sol b/contracts/protocol/libraries/logic/LiquidationLogic.sol index 7d91d3365..0742cedbc 100644 --- a/contracts/protocol/libraries/logic/LiquidationLogic.sol +++ b/contracts/protocol/libraries/logic/LiquidationLogic.sol @@ -166,6 +166,13 @@ library LiquidationLogic { userConfig.setBorrowing(debtReserve.id, false); } + // If the collateral being liquidated is equal to the user balance, + // we set the currency as not being used as collateral anymore + if (vars.actualCollateralToLiquidate == vars.userCollateralBalance) { + userConfig.setUsingAsCollateral(collateralReserve.id, false); + emit ReserveUsedAsCollateralDisabled(params.collateralAsset, params.user); + } + _burnDebtTokens(params, vars); debtReserve.updateInterestRates( @@ -197,14 +204,7 @@ library LiquidationLogic { vars.liquidationProtocolFeeAmount ); } - - // If the collateral being liquidated is equal to the user balance, - // we set the currency as not being used as collateral anymore - if (vars.actualCollateralToLiquidate == vars.userCollateralBalance) { - userConfig.setUsingAsCollateral(collateralReserve.id, false); - emit ReserveUsedAsCollateralDisabled(params.collateralAsset, params.user); - } - + // Transfers the debt asset being repaid to the aToken, where the liquidity is kept IERC20(params.debtAsset).safeTransferFrom( msg.sender, From 8e6cbc85734fba28df689c491e88648646b6c055 Mon Sep 17 00:00:00 2001 From: The-3D Date: Mon, 8 Aug 2022 17:43:24 +0200 Subject: [PATCH 2/3] fix: reentrancy on withdraw --- .../protocol/libraries/logic/SupplyLogic.sol | 22 +++++++++++++------ 1 file changed, 15 insertions(+), 7 deletions(-) diff --git a/contracts/protocol/libraries/logic/SupplyLogic.sol b/contracts/protocol/libraries/logic/SupplyLogic.sol index 98ad8e8f9..ed0a18037 100644 --- a/contracts/protocol/libraries/logic/SupplyLogic.sol +++ b/contracts/protocol/libraries/logic/SupplyLogic.sol @@ -128,6 +128,14 @@ library SupplyLogic { reserve.updateInterestRates(reserveCache, params.asset, 0, amountToWithdraw); + bool isCollateral; + + if ((isCollateral = userConfig.isUsingAsCollateral(reserve.id))) { + if (amountToWithdraw == userBalance) { + userConfig.setUsingAsCollateral(reserve.id, false); + emit ReserveUsedAsCollateralDisabled(params.asset, msg.sender); + } + } IAToken(reserveCache.aTokenAddress).burn( msg.sender, params.to, @@ -135,7 +143,7 @@ library SupplyLogic { reserveCache.nextLiquidityIndex ); - if (userConfig.isUsingAsCollateral(reserve.id)) { + if (isCollateral) { if (userConfig.isBorrowingAny()) { ValidationLogic.validateHFAndLtv( reservesData, @@ -149,11 +157,6 @@ library SupplyLogic { params.userEModeCategory ); } - - if (amountToWithdraw == userBalance) { - userConfig.setUsingAsCollateral(reserve.id, false); - emit ReserveUsedAsCollateralDisabled(params.asset, msg.sender); - } } emit Withdraw(params.asset, msg.sender, params.to, amountToWithdraw); @@ -264,7 +267,12 @@ library SupplyLogic { if (useAsCollateral) { require( - ValidationLogic.validateUseAsCollateral(reservesData, reservesList, userConfig, reserveCache.reserveConfiguration), + ValidationLogic.validateUseAsCollateral( + reservesData, + reservesList, + userConfig, + reserveCache.reserveConfiguration + ), Errors.USER_IN_ISOLATION_MODE ); From 9c333a8e2d5546356ce8ef0334eda3a5ef4b25ba Mon Sep 17 00:00:00 2001 From: miguelmtzinf Date: Fri, 28 Oct 2022 11:24:27 +0200 Subject: [PATCH 3/3] fix: Join conditionals in withdraw function --- .../protocol/libraries/logic/SupplyLogic.sol | 37 +++++++++---------- 1 file changed, 17 insertions(+), 20 deletions(-) diff --git a/contracts/protocol/libraries/logic/SupplyLogic.sol b/contracts/protocol/libraries/logic/SupplyLogic.sol index ed0a18037..1c7d2d259 100644 --- a/contracts/protocol/libraries/logic/SupplyLogic.sol +++ b/contracts/protocol/libraries/logic/SupplyLogic.sol @@ -128,14 +128,13 @@ library SupplyLogic { reserve.updateInterestRates(reserveCache, params.asset, 0, amountToWithdraw); - bool isCollateral; + bool isCollateral = userConfig.isUsingAsCollateral(reserve.id); - if ((isCollateral = userConfig.isUsingAsCollateral(reserve.id))) { - if (amountToWithdraw == userBalance) { - userConfig.setUsingAsCollateral(reserve.id, false); - emit ReserveUsedAsCollateralDisabled(params.asset, msg.sender); - } + if (isCollateral && amountToWithdraw == userBalance) { + userConfig.setUsingAsCollateral(reserve.id, false); + emit ReserveUsedAsCollateralDisabled(params.asset, msg.sender); } + IAToken(reserveCache.aTokenAddress).burn( msg.sender, params.to, @@ -143,20 +142,18 @@ library SupplyLogic { reserveCache.nextLiquidityIndex ); - if (isCollateral) { - if (userConfig.isBorrowingAny()) { - ValidationLogic.validateHFAndLtv( - reservesData, - reservesList, - eModeCategories, - userConfig, - params.asset, - msg.sender, - params.reservesCount, - params.oracle, - params.userEModeCategory - ); - } + if (isCollateral && userConfig.isBorrowingAny()) { + ValidationLogic.validateHFAndLtv( + reservesData, + reservesList, + eModeCategories, + userConfig, + params.asset, + msg.sender, + params.reservesCount, + params.oracle, + params.userEModeCategory + ); } emit Withdraw(params.asset, msg.sender, params.to, amountToWithdraw);