This repository has been archived by the owner on Nov 19, 2023. It is now read-only.
ShadowForce - Cannot settle the vault account permissionlessly if the user uses a blacklisted account #155
Labels:
Medium: A valid Medium severity issue
Reward: A payout will be made for this issue
Sponsor Confirmed: The sponsor acknowledged this issue is valid
Will Fix: The sponsor confirmed this issue will be fixed
Summary
The vault account cannot be settled permissionlessly if the user uses a blacklisted account.
Vulnerability Detail
In VaultAccountAction.sol, one of the critical functions is
As the comment suggests, this function should be callable permissionlessly. The comment reads:
/// will first settle the vault account before taking any further actions.
which means nothing should be able to block the permissionless settlement of an account.
this is calling
which calls
basically this calls
calling
The token withdrawal logic above tries to push ETH to the account.
this is calling
note the function call
If the token type is not ETHER, the underlying ERC20 token is transferred to the account:
GenericToken.safeTransferOut(underlying.tokenAddress, account, withdrawAmount);
The token in scope is
USDC is a common token that has a blacklist.
If the account is blacklisted, the transfer reverts and the account cannot be settled!
Impact
What is the impact? Per the comment:
/// will first settle the vault account before taking any further actions.
If that is too vague, I can list three; there are more!
https://github.com/notional-finance/contracts-v2/blob/b20a45c912785fab5f2b62992e5260f44dbae197/contracts/external/actions/VaultLiquidationAction.sol#L229
Code Snippet
https://github.com/notional-finance/contracts-v2/blob/b20a45c912785fab5f2b62992e5260f44dbae197/contracts/internal/balances/TokenHandler.sol#L241
Tool used
Manual Review
Recommendation
Maybe let the admin bypass withdrawPrimeCash and force-settle the account, so that settlement does not block further actions!
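The failure mode from the Vulnerability Detail section and the shape of the fix suggested above, as an added illustration that is not Notional code. The token, the `PushSettlement` and `PullSettlement` contracts, the `owed`/`claimable` state and the `setOwed`/`mint` helpers are all constructed for this example; the only thing borrowed from the report is the idea that a blacklisting ERC20 (USDC-style) placed inside a permissionless settlement path lets one account's status revert the whole settlement, and that keeping the cash as an internal balance instead of pushing it out removes that dependency.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added illustration, not Notional code. A minimal ERC20-style token with an
// owner-controlled blacklist (modelled on USDC's behaviour), a settlement
// contract that pushes the withdrawal inline (the pattern described in the
// report), and a variant that only updates internal accounting on settlement.

contract BlacklistableToken {
    address public immutable owner;
    mapping(address => uint256) public balanceOf;
    mapping(address => bool) public blacklisted;

    constructor() { owner = msg.sender; }

    // Test helper: mint to any address (no access control, illustration only).
    function mint(address to, uint256 amount) external { balanceOf[to] += amount; }

    function setBlacklisted(address who, bool flag) external {
        require(msg.sender == owner, "not owner");
        blacklisted[who] = flag;
    }

    // Like USDC, a transfer touching a blacklisted sender or recipient reverts.
    function transfer(address to, uint256 amount) external returns (bool) {
        require(!blacklisted[msg.sender], "Blacklistable: sender blacklisted");
        require(!blacklisted[to], "Blacklistable: recipient blacklisted");
        balanceOf[msg.sender] -= amount; // reverts on underflow (0.8 checked math)
        balanceOf[to] += amount;
        return true;
    }
}

// Vulnerable shape: settlement and the external token transfer share one
// transaction, so a revert in transfer() undoes the settlement state change.
contract PushSettlement {
    BlacklistableToken public immutable token;
    mapping(address => uint256) public owed;    // cash the vault owes each account (constructed state)
    mapping(address => bool) public settled;

    constructor(BlacklistableToken _token) { token = _token; }

    // Illustration only: record that `account` is owed `amount` at settlement.
    function setOwed(address account, uint256 amount) external { owed[account] = amount; }

    /// Permissionless: anyone may settle any account.
    function settleVaultAccount(address account) external {
        require(!settled[account], "already settled");
        uint256 amount = owed[account];
        owed[account] = 0;
        settled[account] = true;
        // If `account` is blacklisted this reverts, and with it every state
        // change above: no caller can ever settle this account.
        require(token.transfer(account, amount), "transfer failed");
    }
}

// Hardened shape: settlement only credits an internal balance. The token
// transfer moves to a separate step, so it can no longer block settlement.
contract PullSettlement {
    BlacklistableToken public immutable token;
    mapping(address => uint256) public owed;
    mapping(address => uint256) public claimable;  // internal balance, akin to leaving the cash in the account
    mapping(address => bool) public settled;

    event Settled(address indexed account, uint256 amount);

    constructor(BlacklistableToken _token) { token = _token; }

    function setOwed(address account, uint256 amount) external { owed[account] = amount; }

    /// Permissionless, and independent of the account's token status:
    /// no external call is made here.
    function settleVaultAccount(address account) external {
        require(!settled[account], "already settled");
        uint256 amount = owed[account];
        owed[account] = 0;
        claimable[account] += amount;
        settled[account] = true;
        emit Settled(account, amount);
    }

    /// The account withdraws later. If it is blacklisted this call reverts,
    /// but only for this account; the settlement itself already happened.
    function withdraw() external {
        uint256 amount = claimable[msg.sender];
        require(amount > 0, "nothing to withdraw");
        claimable[msg.sender] = 0;
        require(token.transfer(msg.sender, amount), "transfer failed");
    }
}
```

To reproduce the report's scenario in a local test: deploy the token, mint to each settlement contract, call `setOwed(account, amount)`, blacklist `account` via `setBlacklisted(account, true)`, then call `settleVaultAccount(account)` from any third party. The `PushSettlement` call reverts with "recipient blacklisted" and `settled[account]` stays false for every caller, which is the denial of settlement described above; the `PullSettlement` call succeeds, `settled[account]` becomes true, and only that account's later `withdraw()` is affected by its blacklist status.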