Smart contract unable to operate due to lack of token funds
Griefing (e.g. no profit motive for an attacker, but damage to the users or the protocol)
Description
Brief/Intro
The lock in internal_redeem_collateral_from_trove is not released, causing a deadlock.
Vulnerability Details
in the function internal_redeem_collateral_from_trove When new_debt < MIN_NET_DEBT, the lock in internal_redeem_collateral_from_trove is not released, causing a deadlock.
// contracts/trove-manager-contract/src/main.sw
...
#[storage(read, write)]
fn internal_redeem_collateral_from_trove(
...
// If the trove's debt is fully redeemed, close the trove
if (new_debt == 0) {
internal_remove_stake(borrower);
internal_close_trove(borrower, Status::ClosedByRedemption);
internal_redeem_close_trove(borrower, 0, new_coll);
} else {
// Calculate the new nominal collateralization ratio
let new_nicr = fm_compute_nominal_cr(new_coll, new_debt);
// If the new debt is below the minimum allowed, cancel the partial redemption
///////////////////////////////////////////////////////////
///////////////////////////////////////////////////////////
///////////////////////////////////////////////////////////
if (new_debt < MIN_NET_DEBT) {
single_redemption_values.cancelled_partial = true;
return single_redemption_values;
// VULN : The `lock_internal_redeem_collateral_from_trove` is not released.
}
///////////////////////////////////////////////////////////
///////////////////////////////////////////////////////////
///////////////////////////////////////////////////////////
// Re-insert the trove into the sorted list with its new NICR
...
}
Impact Details
This vulnerability can cause a deadlock in the contract permanently
