Assessment reports>Prisma Finance>Threat Models>liquidateTroves

Function: liquidateTroves(IERC20 collateral, uint256 maxTrovesToLiquidate, uint256 maxICR)

Liquidate a sequence of troves.

Inputs

  • collateral

    • Control: Fully controlled.

    • Constraints: Should be a valid collateral.

    • Impact: Collateral type to perform liquidations against.

  • maxTrovesToLiquidate

    • Control: Fully controlled.

    • Constraints: No constraints.

    • Impact: The maximum number of troves to liquidate.

  • maxICR

    • Control: Fully controlled.

    • Constraints: No constraints.

    • Impact: Maximum ICR to liquidate.

Branches and code coverage (including function calls)

Intended branches

  • Liquidate all the troves that can be liquidated with ICR <= maxICR.

  • Break from normal liquidation if ICR >= MCR and try to perform liquidation in recovery mode.

Negative behavior

  • Revert if wrong collateral is used.

  • Revert if there are no troves that can be liquidated.

Function call analysis

  • troveManager.updateBalances()

    • What is controllable? N/A.

    • If return value controllable, how is it used and how can it go wrong? N/A.

    • What happens if it reverts, reenters, or does other unusual control flow? No reentrancy scenarios.

  • troveManager.getTroveOwnersCount()

    • What is controllable? N/A.

    • If return value controllable, how is it used and how can it go wrong? Return value is not controllable.

    • What happens if it reverts, reenters, or does other unusual control flow? No reentrancy scenarios.

  • troveManager.fetchPrice()

    • What is controllable? N/A.

    • If return value controllable, how is it used and how can it go wrong? Return value is not controllable.

    • What happens if it reverts, reenters, or does other unusual control flow? No reentrancy scenarios.

  • stabilityPoolCached.getTotalDebtTokenDeposits()

    • What is controllable? N/A.

    • If return value controllable, how is it used and how can it go wrong? Return value is not controllable.

    • What happens if it reverts, reenters, or does other unusual control flow? No reentrancy scenarios.

  • troveManager.sunsetting()

    • What is controllable? N/A.

    • If return value controllable, how is it used and how can it go wrong? Return value is not controllable.

    • What happens if it reverts, reenters, or does other unusual control flow? No reentrancy scenarios.

  • troveManager.getCurrentICR(account,price)

    • What is controllable? N/A.

    • If return value controllable, how is it used and how can it go wrong? Return value is not controllable.

    • What happens if it reverts, reenters, or does other unusual control flow? No reentrancy scenarios.

  • borrowerOperations.getGlobalSystemBalances()

    • What is controllable? N/A.

    • If return value controllable, how is it used and how can it go wrong? Return value is not controllable.

    • What happens if it reverts, reenters, or does other unusual control flow? No reentrancy scenarios.

  • stabilityPoolCached.offset(address(collateral), totals.totalDebtToOffset, totals.totalCollToSendToSP)

    • What is controllable? collateral address.

    • If return value controllable, how is it used and how can it go wrong? N/A.

    • What happens if it reverts, reenters, or does other unusual control flow? No reentrancy scenarios.

  • troveManager.decreaseDebtAndSendCollateral

    • What is controllable? N/A.

    • If return value controllable, how is it used and how can it go wrong? N/A.

    • What happens if it reverts, reenters, or does other unusual control flow? No reentrancy scenarios.

  • troveManager.finalizeLiquidation

    • What is controllable? msg.sender.

    • If return value controllable, how is it used and how can it go wrong? N/A.

    • What happens if it reverts, reenters, or does other unusual control flow? No reentrancy scenarios.

Zellic © 2025Back to top ↑