Category: Business Logic
[FIXED] Collateral inflation attack allows for theft of funds
Critical Severity
Critical Impact
High Likelihood
Description
The maximum withdraw amount for a user is calculated as the swappable value of their collateral minus their debt.
function maxWithdraw(
address account
) public view virtual override returns (uint256) {
...
IDebt debt = _market.debt();
uint256 account_debt_assets = debt.assetsOf(account);
if (account_debt_assets == 0) return asset_balance;
ILendingStrategy strategy = _market.strategy();
uint256 debt_value = _market.swapper().valueOf(
debt.asset(),
account_debt_assets
);
uint256 borrowable_collateral = (asset_balance *
strategy.maxCollateralizationRatio()) / strategy.precision();
return
(borrowable_collateral > debt_value)
? borrowable_collateral - debt_value
: 0;
}
Impact
It is profitable for a malicious attacker to manipulate the underlying pool in order to inflate the value of their collateral. This allows them to withdraw most of the collateral while keeping the debt that is worth more than the original collateral. As a result of this, protocol funds can be stolen.
Recommendations
Only allow withdrawal of collateral once all the debt has been paid off.
Remediation
The Nukem team has fixed this issue by removing the partial withdraw mechanism in commit 2e3ecbe0↗.