cccz - The owner can increase minCollateralRatio through the updateVault function, so that the account is liquidated due to insufficient collateral
Closed this issue · 0 comments
cccz
medium
The owner can increase minCollateralRatio through the updateVault function, so that the account is liquidated due to insufficient collateral
Summary
The owner can increase minCollateralRatio through the updateVault function, so that the account is liquidated due to insufficient collateral.
Vulnerability Detail
The owner can call the VaultAction.updateVault function to update vaultConfig.minCollateralRatio. When vaultConfig.minCollateralRatio increases, the account may be liquidated because the collateral ratio is less than minCollateralRatio.
Impact
the account may be liquidated because the collateral ratio is less than minCollateralRatio.
Code Snippet
https://github.com/sherlock-audit/2022-09-notional/blob/main/contracts-v2/contracts/external/actions/VaultAction.sol#L27-L36
https://github.com/sherlock-audit/2022-09-notional/blob/main/contracts-v2/contracts/internal/vaults/VaultConfiguration.sol#L163-L186
https://github.com/sherlock-audit/2022-09-notional/blob/main/contracts-v2/contracts/external/actions/VaultAccountAction.sol#L261-L280
Tool used
Manual Review
Recommendation
Consider using the timelock contract to call the VaultAction.updateVault function