high

Business Logic: Protocol Liquidation Arithmetic

Reward

Total

4514.29 USDC

1327.73 USDC
1327.73 USDC
Selected
1858.82 USDC
Selected Submission

Business Logic: Protocol Liquidation Arithmetic

Severity

High Risk

Summary

The protocol mints a stable coin based on the value of collateral tokens it accepts. The only way to mint this stable coin is through this contract.

To liquidate a users position in order to save the protocol from holding bad debt, the liquidator needs to pay back the dsc owed by the user that has a position at risk.

In order for the liquidator to get this dsc, they would need to mint new dsc from the contract. But the math does not work out.

With a Liquidation Bonus of 10% and an Over Collateralization Rate of 200%, a liquidator will always have their own collateral stuck in the protocol after liquidating a user.

This happens even if the liquidator is able to use the redeemed collateral to mint new dsc and pay back the users debt - should a way for this to be done atomically be available.

This also happens if they are able to purchase it or flashloan it from a dex or other venue prior to calling liquidate.

The math simply does not work.

Vulnerability Details

The Liquidation Incentives and the Collateralization Rate make it near impossible to liquidate any under collateralized positions without being the newest user of the protocol, whose position is now also at risk because the dsc has been spent.

Impact

Liquidators would not call liquidate. The protocol would suffer insolvency in adverse market conditions due to no liquidations taking place.

Furthermore, users after having done their homework may not want to enter the protocol at all due to its design of needing to have all debt returned in dsc - and without other incentives at play, dsc will probably be converted into an alternative token and we will have dsc dust forever in the wild, never to be able to redeem collateral again.

Tools Used

Manual Review

Recommendations

These are not all connected, but possibly can be:

  1. Design some incentives for users to keep using dsc and not sell it, so that they may be able to redeem their collateral.
  2. Make the collateralization rate and the liquidation bonus arithmetically incentivised so as to allow re-entrancy for a flash loan type of atomic mint within the protocol.
  3. Allow an alternative stable coin to be used for repayment should dsc not be available.
  4. Allow a flashmint feature in the Decentralised Stablecoin Contract for no fee, but limited to the value of the redeemed Collateral held at time of flashmint and pay back.