Skip to content
This repository has been archived by the owner on Mar 3, 2024. It is now read-only.

rvierdiiev - LiquidationRow.liquidateVaultsForToken will never work, so vault depositors will not receive any rewards #45

Closed
sherlock-admin2 opened this issue Aug 29, 2023 · 0 comments
Closed

rvierdiiev - LiquidationRow.liquidateVaultsForToken will never work, so vault depositors will not receive any rewards #45

sherlock-admin2 opened this issue Aug 29, 2023 · 0 comments
Labels
Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label High A valid High severity issue Reward A payout will be made for this issue

Comments

@sherlock-admin2
Copy link
Contributor

sherlock-admin2 commented Aug 29, 2023
edited by sherlock-admin
Loading

rvierdiiev

high

LiquidationRow.liquidateVaultsForToken will never work, so vault depositors will not receive any rewards

Summary

LiquidationRow.liquidateVaultsForToken will never work, so vault depositors will not receive any rewards

Vulnerability Detail

LiquidationRow.liquidateVaultsForToken function should swap reward assets of the vault and then send them to the rewarder for distribution.
https://github.com/sherlock-audit/2023-06-tokemak/blob/main/v2-core-audit-2023-07-14/src/liquidation/LiquidationRow.sol#L167-L180

    function liquidateVaultsForToken(
        address fromToken,
        address asyncSwapper,
        IDestinationVault[] memory vaultsToLiquidate,
        SwapParams memory params
    ) external nonReentrant hasRole(Roles.LIQUIDATOR_ROLE) onlyWhitelistedSwapper(asyncSwapper) {
        uint256 gasBefore = gasleft();


        (uint256 totalBalanceToLiquidate, uint256[] memory vaultsBalances) =
            _prepareForLiquidation(fromToken, vaultsToLiquidate);
        _performLiquidation(
            gasBefore, fromToken, asyncSwapper, vaultsToLiquidate, params, totalBalanceToLiquidate, vaultsBalances
        );
    }

The problem is inside _performLiquidation function.
This function calls should swap tokens, but it never sends tokens to the swapper.
Because swapper also doesn't send nothing to the LiquidationRow, i believe that delegate call was meant to use.

Result of this is severe for the system. This means that all accumulated rewards will never be distributed to the users, which means loss of all yields for them.

Impact

Users loss yields.

Code Snippet

Provided above

Tool used

Manual Review

Recommendation

Make delegate call, or send funds to swapper and back.

Duplicate of #205
@github-actions github-actions bot added High A valid High severity issue Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label labels Sep 11, 2023
@sherlock-admin sherlock-admin changed the title Broad Tweed Tiger - LiquidationRow.liquidateVaultsForToken will never work, so vault depositors will not receive any rewards rvierdiiev - LiquidationRow.liquidateVaultsForToken will never work, so vault depositors will not receive any rewards Oct 3, 2023
@sherlock-admin sherlock-admin added the Reward A payout will be made for this issue label Oct 3, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label High A valid High severity issue Reward A payout will be made for this issue
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sherlock-admin @sherlock-admin2