·
Due to insufficient safeguards against price drops, liquidators receive less collateral than expected from the vault and pool, resulting in financial losses.
Suppose:
- F-asset = FXRP
- 1 XRP = 1 USD
- Vault’s collateral is USDC
- 1 NAT = 1 USD
- Liquidation factor = 1.05
Based on the above assumptions, the liquidator is expected to receive 10,000 USDC and 500 NAT for one lot.
- An agent is established, after which the necessary collateral is deposited into the agent’s vault and collateral pool. The agent is then made publicly accessible.
- A minter reserves the required collateral and initiates the corresponding payment transaction.
- The function MintingFacet::executeMinting is invoked, resulting in the minter receiving fassets.
- The agent executes a decrease transaction on the underlying network without prior notification.
- An illegal payment is detected, and the challenger submits proof of the illegal payment. As a result, the agent’s status changes to FULL_LIQUIDATION.
- The liquidator submits the transaction to the network. However, if the price of XRP decreases to 0.90 USD at the time of execution, the liquidator receives 9,000 USDC and 450 NAT, which is less than anticipated.
Alpha: check if there is slippage protection when using price oracles, since they update their price every t amount of time, and this update can be significant and lead to unexpected results.
Conclusion
This finding would earn you $33790, requiring you to understand the liquidation process and the price oracle slippage attack vector.