Assessment reports>Prisma Finance>Threat Models>batchLiquidateTroves

Function: batchLiquidateTroves(IERC20 collateral, address[] _troveArray)

This is the function to liquidate a custom list of troves.

Inputs

  • collateral

    • Control: Fully controlled.

    • Constraints: Should be valid collateral.

    • Impact: Collateral type to perform liquidations against.

  • _troveArray

    • Control: Fully controlled.

    • Constraints: No constraints.

    • Impact: List of borrower addresses to liquidate.

Branches and code coverage (including function calls)

Intended branches

  • If valid collateral is provided, the function should liquidate the list of borrower addresses. Troves that were already liquidated, or cannot be liquidated, should be ignored.

  • Break from normal liquidation if ICR >= MCR and try to perform liquidation in recovery mode.

Function call analysis

  • troveManager.updateBalances()

    • What is controllable? N/A.

    • If return value controllable, how is it used and how can it go wrong? N/A.

    • What happens if it reverts, reenters, or does other unusual control flow? No reentrancy scenarios.

  • troveManager.getTroveOwnersCount()

    • What is controllable? N/A.

    • If return value controllable, how is it used and how can it go wrong? Return value is not controllable.

    • What happens if it reverts, reenters, or does other unusual control flow? No reentrancy scenarios.

  • troveManager.fetchPrice()

    • What is controllable? N/A.

    • If return value controllable, how is it used and how can it go wrong? Return value is not controllable.

    • What happens if it reverts, reenters, or does other unusual control flow? No reentrancy scenarios.

  • stabilityPoolCached.getTotalDebtTokenDeposits():

    • What is controllable? N/A.

    • If return value controllable, how is it used and how can it go wrong? Return value is not controllable.

    • What happens if it reverts, reenters, or does other unusual control flow? No reentrancy scenarios.

  • troveManager.sunsetting()

    • What is controllable? N/A.

    • If return value controllable, how is it used and how can it go wrong? Return value is not controllable.

    • What happens if it reverts, reenters, or does other unusual control flow? No reentrancy scenarios.

  • troveManager.getCurrentICR(account,price):

    • What is controllable? N/A.

    • If return value controllable, how is it used and how can it go wrong? Return value is not controllable.

    • What happens if it reverts, reenters, or does other unusual control flow? No reentrancy scenarios.

  • borrowerOperations.getGlobalSystemBalances():

    • What is controllable? N/A.

    • If return value controllable, how is it used and how can it go wrong? Return value is not controllable.

    • What happens if it reverts, reenters, or does other unusual control flow? No reentrancy scenarios.

  • stabilityPoolCached.offset(address(collateral), totals.totalDebtToOffset, totals.totalCollToSendToSP)

    • What is controllable? collateral address.

    • If return value controllable, how is it used and how can it go wrong? N/A.

    • What happens if it reverts, reenters, or does other unusual control flow? No reentrancy scenarios.

  • troveManager.decreaseDebtAndSendCollateral

    • What is controllable? N/A.

    • If return value controllable, how is it used and how can it go wrong? N/A.

    • What happens if it reverts, reenters, or does other unusual control flow? No reentrancy scenarios.

  • troveManager.finalizeLiquidation

    • What is controllable? msg.sender.

    • If return value controllable, how is it used and how can it go wrong? N/A.

    • What happens if it reverts, reenters, or does other unusual control flow? No reentrancy scenarios.

Zellic © 2025Back to top ↑