Submitted on Mon Aug 05 2024 17:37:39 GMT-0400 (Atlantic Standard Time) by @ICP for Boost | Folks Finance
Target: https://testnet.snowtrace.io/address/0xf8E94c5Da5f5F23b39399F6679b2eAb29FE3071e
Liquidator will ended with underflow exception while normal liquidation process acquiring the borrow balance of the violator
Liquidation is normal process in market when loan went to underCollateralized normally liquidator acquire the assets by calling executeLiquidate()
function in LoanManagerLogic from hub. But inside this this function which calls the updateLiquidationBorrows()
to transfer the funds from the Violator to liquidator here it calls the transferBorrowFromViolator()
function in order to repay and decrease the balance of the violator . Below code snippet we can see :-
In above we can see the balances of violator and liquidator before liquidation which is fetch from the user defined functions.
Violator have borrow 1000 USDC and underCollateralized Liquidator tries to acquire by paying 965 USDC but it will halt the process by panic code 0x11 underFlow or overflow Vm exception. Liquidator by seeing the violator borrow balance and try to acquire by lesser amount than the borrow balance it will landed in halted in hub chain.
1 . Temporary blocks the liquidation process and liquidator funds.
2 . Liquidator doesn't allow to acquire the default loans ended with exception which will cause halt of normal process in VM because it not handle with try catch.
3 . Smart contracts which is associated with Liquidation Logic will not be able to access due to the error while acquiring the borrow balance.
The above impact assessed with protocol, if any query please ping me.
https://github.com/Folks-Finance/folks-finance-xchain-contracts/blob/main/contracts/hub/logic/LoanManagerLogic.sol#L477C1-L483C10 https://github.com/Folks-Finance/folks-finance-xchain-contracts/blob/main/contracts/hub/logic/UserLoanLogic.sol#L127C1-L128C51
1 . Add the check if repayBorrowAmount
which is liquidator input is greater than the violator balance cause the panic error if so, then no need to subtract
Then we can clear the balance.
2 . Add mechanism that how much can liquidator can repay to acquire full borrow balance to prevent the panic code error.
Copy import { expect } from "chai" ;
import { ethers } from "hardhat" ;
import { PANIC_CODES } from "@nomicfoundation/hardhat-chai-matchers/panic" ;
import { loadFixture , reset , time } from "@nomicfoundation/hardhat-toolbox/network-helpers" ;
import {
LiquidationLogic__factory ,
LoanManagerLogic__factory ,
LoanManager__factory ,
LoanPoolLogic__factory ,
MockHubPool__factory ,
MockOracleManager__factory ,
RewardLogic__factory ,
UserLoanLogic__factory ,
LoanManagerStateExposed__factory
} from "../../typechain-types" ;
import { BYTES32_LENGTH, convertStringToBytes, getAccountIdBytes, getEmptyBytes, getRandomBytes } from "../utils/bytes";
import { SECONDS_IN_DAY , SECONDS_IN_HOUR , getLatestBlockTimestamp , getRandomInt } from "../utils/time" ;
import { UserLoanBorrow , UserLoanCollateral } from "./libraries/assets/loanData" ;
import { getNodeOutputData } from "./libraries/assets/oracleData" ;
import {
calcAverageStableRate ,
calcBorrowBalance ,
calcBorrowInterestIndex ,
calcReserveCol ,
calcStableInterestRate ,
convToCollateralFAmount ,
convToRepayBorrowAmount ,
convToSeizedCollateralAmount ,
toFAmount ,
toUnderlingAmount ,
} from "./utils/formulae" ;
describe ( "LoanManager (unit tests)" , () => {
const DEFAULT_ADMIN_ROLE = getEmptyBytes (BYTES32_LENGTH);
const LISTING_ROLE = ethers. keccak256 ( convertStringToBytes ( "LISTING" ));
const ORACLE_ROLE = ethers. keccak256 ( convertStringToBytes ( "ORACLE" ));
const HUB_ROLE = ethers. keccak256 ( convertStringToBytes ( "HUB" ));
async function deployLoanManagerFixture () {
const [admin , hub , user , ...unusedUsers] = await ethers. getSigners ();
// libraries
const userLoanLogic = await new UserLoanLogic__factory (user). deploy ();
const userLoanLogicAddress = await userLoanLogic. getAddress ();
const loanPoolLogic = await new LoanPoolLogic__factory (user). deploy ();
const loanPoolLogicAddress = await loanPoolLogic. getAddress ();
const liquidationLogic = await new LiquidationLogic__factory (
{
[ "contracts/hub/logic/UserLoanLogic.sol:UserLoanLogic" ] : userLoanLogicAddress ,
} ,
user
). deploy ();
const liquidationLogicAddress = await liquidationLogic. getAddress ();
const loanManagerLogic = await new LoanManagerLogic__factory (
{
[ "contracts/hub/logic/UserLoanLogic.sol:UserLoanLogic" ] : userLoanLogicAddress ,
[ "contracts/hub/logic/LoanPoolLogic.sol:LoanPoolLogic" ] : loanPoolLogicAddress ,
[ "contracts/hub/logic/LiquidationLogic.sol:LiquidationLogic" ] : liquidationLogicAddress ,
} ,
user
). deploy ();
const loanManagerLogicAddress = await loanManagerLogic. getAddress ();
const rewardLogic = await new RewardLogic__factory (user). deploy ();
const rewardLogicAddress = await rewardLogic. getAddress ();
const libraries = {
userLoanLogic ,
loanPoolLogic ,
liquidationLogic ,
loanManagerLogic ,
rewardLogic ,
};
// deploy contract
const oracleManager = await new MockOracleManager__factory (user). deploy ();
const loanManager = await new LoanManager__factory (
{
[ "contracts/hub/logic/LoanManagerLogic.sol:LoanManagerLogic" ] : loanManagerLogicAddress ,
[ "contracts/hub/logic/RewardLogic.sol:RewardLogic" ] : rewardLogicAddress ,
} ,
user
). deploy (admin , oracleManager);
// set hub role
await loanManager. connect (admin). grantRole (HUB_ROLE , hub);
// common
const loanManagerAddress = await loanManager. getAddress ();
return {
admin ,
hub ,
user ,
unusedUsers ,
loanManager ,
loanManagerAddress ,
oracleManager ,
libraries ,
};
}
async function createLoanTypeFixture () {
const { admin , hub , user , unusedUsers , loanManager , loanManagerAddress , oracleManager , libraries } =
await loadFixture (deployLoanManagerFixture);
// create loan type
const loanTypeId = 1 ;
const loanTargetHealth = BigInt ( 2e4 );
await loanManager. connect (admin). createLoanType (loanTypeId , loanTargetHealth);
return {
admin ,
hub ,
user ,
unusedUsers ,
loanManager ,
loanManagerAddress ,
oracleManager ,
libraries ,
loanTypeId ,
loanTargetHealth ,
};
}
async function deprecateLoanTypeFixture () {
const { admin , hub , user , unusedUsers , loanManager , loanTypeId } = await loadFixture (createLoanTypeFixture);
// deprecate loan type
await loanManager. connect (admin). deprecateLoanType (loanTypeId);
return {
admin ,
hub ,
user ,
unusedUsers ,
loanManager ,
loanTypeId ,
};
}
async function addPoolsFixture () {
const { admin , hub , user , unusedUsers , loanManager , loanManagerAddress , oracleManager , libraries , loanTypeId } =
await loadFixture (createLoanTypeFixture);
// prepare pools
const usdcPoolId = 1 ;
const usdcPool = await new MockHubPool__factory (user). deploy ( "Folks USD Coin" , "fUSDC" , usdcPoolId);
const ethPoolId = 2 ;
const ethPool = await new MockHubPool__factory (user). deploy ( "Folks Ethereum" , "fETH" , ethPoolId);
// add pools
await loanManager. connect (admin). addPool (usdcPool);
await loanManager. connect (admin). addPool (ethPool);
return {
admin ,
hub ,
user ,
unusedUsers ,
loanManager ,
loanManagerAddress ,
oracleManager ,
libraries ,
loanTypeId ,
usdcPoolId ,
usdcPool ,
ethPoolId ,
ethPool ,
};
}
async function addPoolToLoanTypeFixture () {
const {
admin ,
hub ,
user ,
unusedUsers ,
loanManager ,
loanManagerAddress ,
oracleManager ,
libraries ,
loanTypeId ,
usdcPoolId ,
usdcPool ,
ethPoolId ,
ethPool ,
} = await loadFixture (addPoolsFixture);
// add pools to loan type
const rewardCollateralSpeed = BigInt ( 0 );
const rewardBorrowSpeed = BigInt ( 0 );
const rewardMinimumAmount = BigInt ( 1e18 );
const collateralCap = BigInt ( 20e6 );
const borrowCap = BigInt ( 10e6 );
const usdcCollateralFactor = BigInt ( 0 . 8e4 );
const usdcBorrowFactor = BigInt ( 1e4 );
const usdcLiquidationBonus = BigInt ( 0 . 04e4 );
const usdcLiquidationFee = BigInt ( 0 . 1e4 );
const ethCollateralFactor = BigInt ( 0 . 7e4 );
const ethBorrowFactor = BigInt ( 1e4 );
const ethLiquidationBonus = BigInt ( 0 . 06e4 );
const ethLiquidationFee = BigInt ( 0 . 1e4 );
const pools = {
USDC : {
poolId : usdcPoolId ,
pool : usdcPool ,
rewardCollateralSpeed ,
rewardBorrowSpeed ,
rewardMinimumAmount ,
collateralCap ,
borrowCap ,
collateralFactor : usdcCollateralFactor ,
borrowFactor : usdcBorrowFactor ,
liquidationBonus : usdcLiquidationBonus ,
liquidationFee : usdcLiquidationFee ,
tokenDecimals : BigInt ( 6 ) ,
} ,
ETH : {
poolId : ethPoolId ,
pool : ethPool ,
rewardCollateralSpeed ,
rewardBorrowSpeed ,
rewardMinimumAmount ,
collateralCap ,
borrowCap ,
collateralFactor : ethCollateralFactor ,
borrowFactor : ethBorrowFactor ,
liquidationBonus : ethLiquidationBonus ,
liquidationFee : ethLiquidationFee ,
tokenDecimals : BigInt ( 18 ) ,
} ,
};
await loanManager
. connect (admin)
. addPoolToLoanType (
loanTypeId ,
usdcPoolId ,
usdcCollateralFactor ,
collateralCap ,
usdcBorrowFactor ,
borrowCap ,
usdcLiquidationBonus ,
usdcLiquidationFee ,
rewardCollateralSpeed ,
rewardBorrowSpeed ,
rewardMinimumAmount
);
await loanManager
. connect (admin)
. addPoolToLoanType (
loanTypeId ,
ethPoolId ,
ethCollateralFactor ,
collateralCap ,
ethBorrowFactor ,
borrowCap ,
ethLiquidationBonus ,
ethLiquidationFee ,
rewardCollateralSpeed ,
rewardBorrowSpeed ,
rewardMinimumAmount
);
return {
admin ,
hub ,
user ,
unusedUsers ,
loanManager ,
loanManagerAddress ,
oracleManager ,
libraries ,
loanTypeId ,
pools ,
};
}
async function createUserLoanFixture () {
const {
admin ,
hub ,
user ,
unusedUsers ,
loanManager ,
loanManagerAddress ,
oracleManager ,
libraries ,
loanTypeId ,
pools ,
} = await loadFixture (addPoolToLoanTypeFixture);
// create user loan
const loanId = getRandomBytes (BYTES32_LENGTH);
const accountId = getAccountIdBytes ( "ACCOUNT_ID" );
const loanName = getRandomBytes (BYTES32_LENGTH);
const createUserLoan = await loanManager. connect (hub). createUserLoan (loanId , accountId , loanTypeId , loanName);
return {
admin ,
hub ,
user ,
unusedUsers ,
loanManager ,
loanManagerAddress ,
oracleManager ,
libraries ,
createUserLoan ,
loanTypeId ,
pools ,
loanId ,
accountId ,
loanName ,
};
}
async function depositEtherFixture () {
const {
admin ,
hub ,
user ,
unusedUsers ,
loanManager ,
loanManagerAddress ,
oracleManager ,
libraries ,
loanTypeId ,
pools ,
loanId ,
accountId ,
} = await loadFixture (createUserLoanFixture);
// prepare deposit
const depositAmount = BigInt ( 1e18 ); // 1 ETH
const depositFAmount = depositAmount;
const depositInterestIndex = BigInt ( 1e18 );
const ethPrice = BigInt ( 3000e18 ); // 3000 USDC
await pools.ETH.pool. setDepositPoolParams ({
fAmount : depositFAmount ,
depositInterestIndex ,
priceFeed : { price : ethPrice , decimals : pools.ETH.tokenDecimals } ,
});
// deposit into eth pool
const deposit = await loanManager. connect (hub). deposit (loanId , accountId , pools.ETH.poolId , depositAmount);
return {
admin ,
hub ,
user ,
unusedUsers ,
loanManager ,
loanManagerAddress ,
oracleManager ,
libraries ,
deposit ,
loanTypeId ,
pools ,
loanId ,
accountId ,
depositAmount ,
depositFAmount ,
};
}
async function depositFEtherFixture () {
const {
admin ,
hub ,
user ,
unusedUsers ,
loanManager ,
loanManagerAddress ,
oracleManager ,
libraries ,
loanTypeId ,
pools ,
loanId ,
accountId ,
} = await loadFixture (createUserLoanFixture);
// prepare deposit f token
const nodeOutputData = getNodeOutputData ( BigInt ( 3000e18 ));
await oracleManager. setNodeOutput (pools.ETH.poolId , pools.ETH.tokenDecimals , nodeOutputData);
const depositFAmount = BigInt ( 1e18 );
const depositInterestIndex = BigInt ( 1e18 );
await pools.ETH.pool. setUpdatedDepositInterestIndex (depositInterestIndex);
// deposit into eth pool
const depositFToken = await loanManager
. connect (hub)
. depositFToken (loanId , accountId , pools.ETH.poolId , user. address , depositFAmount);
return {
admin ,
hub ,
user ,
unusedUsers ,
loanManager ,
loanManagerAddress ,
oracleManager ,
libraries ,
depositFToken ,
loanTypeId ,
pools ,
loanId ,
accountId ,
depositFAmount ,
};
}
async function depositEtherAndVariableBorrowUSDCFixture () {
const {
admin ,
hub ,
user ,
unusedUsers ,
loanManager ,
loanManagerAddress ,
oracleManager ,
libraries ,
loanTypeId ,
pools ,
loanId ,
accountId ,
depositAmount ,
depositFAmount ,
} = await loadFixture (depositEtherFixture);
// set prices
const usdcNodeOutputData = getNodeOutputData ( BigInt ( 1e18 ));
await oracleManager. setNodeOutput (pools.USDC.poolId , pools.USDC.tokenDecimals , usdcNodeOutputData);
const ethNodeOutputData = getNodeOutputData ( BigInt ( 3000e18 ));
await oracleManager. setNodeOutput (pools.ETH.poolId , pools.ETH.tokenDecimals , ethNodeOutputData);
// prepare borrow
const variableInterestIndex = BigInt ( 1 . 05e18 );
const stableInterestRate = BigInt ( 0 . 1e18 );
await pools.USDC.pool. setBorrowPoolParams ({ variableInterestIndex , stableInterestRate });
await pools.USDC.pool. setUpdatedVariableBorrowInterestIndex (variableInterestIndex);
// borrow from USDC pool
const borrowAmount = BigInt ( 2000e6 ); // 3000 USDC
const borrow = await loanManager.connect(hub).borrow(loanId, accountId, pools.USDC.poolId, borrowAmount, BigInt(0));
return {
admin ,
hub ,
user ,
unusedUsers ,
loanManager ,
loanManagerAddress ,
oracleManager ,
libraries ,
borrow ,
loanTypeId ,
pools ,
loanId ,
accountId ,
depositAmount ,
depositFAmount ,
borrowAmount ,
usdcVariableInterestIndex : variableInterestIndex ,
usdcStableInterestRate : stableInterestRate ,
};
}
async function depositEtherAndStableBorrowUSDCFixture () {
const {
admin ,
hub ,
user ,
unusedUsers ,
loanManager ,
loanManagerAddress ,
oracleManager ,
libraries ,
loanTypeId ,
pools ,
loanId ,
accountId ,
depositAmount ,
depositFAmount ,
} = await loadFixture (depositEtherFixture);
// set prices
const usdcNodeOutputData = getNodeOutputData ( BigInt ( 1e18 ));
await oracleManager. setNodeOutput (pools.USDC.poolId , pools.USDC.tokenDecimals , usdcNodeOutputData);
const ethNodeOutputData = getNodeOutputData ( BigInt ( 3000e18 ));
await oracleManager. setNodeOutput (pools.ETH.poolId , pools.ETH.tokenDecimals , ethNodeOutputData);
// prepare borrow
const variableInterestIndex = BigInt ( 1 . 05e18 );
const stableInterestRate = BigInt ( 0 . 1e18 );
await pools.USDC.pool. setBorrowPoolParams ({ variableInterestIndex , stableInterestRate });
await pools.USDC.pool. setUpdatedVariableBorrowInterestIndex (variableInterestIndex);
// borrow from USDC pool
const borrowAmount = BigInt ( 1000e6 ); // 1000 USDC
const borrow = await loanManager
. connect (hub)
. borrow (loanId , accountId , pools.USDC.poolId , borrowAmount , stableInterestRate);
return {
admin ,
hub ,
user ,
unusedUsers ,
loanManager ,
loanManagerAddress ,
oracleManager ,
libraries ,
borrow ,
loanTypeId ,
pools ,
loanId ,
accountId ,
depositAmount ,
depositFAmount ,
borrowAmount ,
usdcVariableInterestIndex : variableInterestIndex ,
usdcStableInterestRate : stableInterestRate ,
};
}
async function depositEtherAndVariableBorrowEtherFixture () {
const {
admin ,
hub ,
user ,
unusedUsers ,
loanManager ,
loanManagerAddress ,
oracleManager ,
libraries ,
loanTypeId ,
pools ,
loanId ,
accountId ,
depositAmount ,
depositFAmount ,
} = await loadFixture (depositEtherFixture);
// set prices
const ethNodeOutputData = getNodeOutputData ( BigInt ( 3000e18 ));
await oracleManager. setNodeOutput (pools.ETH.poolId , pools.ETH.tokenDecimals , ethNodeOutputData);
// prepare borrow
const variableInterestIndex = BigInt ( 1 . 05e18 );
const stableInterestRate = BigInt ( 0 . 08e18 );
await pools.ETH.pool. setBorrowPoolParams ({ variableInterestIndex , stableInterestRate });
await pools.ETH.pool. setUpdatedVariableBorrowInterestIndex (variableInterestIndex);
// borrow from ETH pool
const borrowAmount = BigInt ( 1e18 ); // 0.5 ETH
const borrow = await loanManager. connect (hub). borrow (loanId , accountId , pools.ETH.poolId , borrowAmount , BigInt ( 0 ));
return {
admin ,
hub ,
user ,
unusedUsers ,
loanManager ,
loanManagerAddress ,
libraries ,
borrow ,
loanTypeId ,
pools ,
loanId ,
accountId ,
depositAmount ,
depositFAmount ,
borrowAmount ,
ethVariableInterestIndex : variableInterestIndex ,
};
}
async function depositEtherAndStableBorrowEtherFixture () {
const {
admin ,
hub ,
user ,
unusedUsers ,
loanManager ,
loanManagerAddress ,
oracleManager ,
libraries ,
loanTypeId ,
pools ,
loanId ,
accountId ,
depositAmount ,
depositFAmount ,
} = await loadFixture (depositEtherFixture);
// set prices
const ethNodeOutputData = getNodeOutputData ( BigInt ( 3000e18 ));
await oracleManager. setNodeOutput (pools.ETH.poolId , pools.ETH.tokenDecimals , ethNodeOutputData);
// prepare borrow
const variableInterestIndex = BigInt ( 1 . 05e18 );
const stableInterestRate = BigInt ( 0 . 08e18 );
await pools.ETH.pool. setBorrowPoolParams ({ variableInterestIndex , stableInterestRate });
await pools.ETH.pool. setUpdatedVariableBorrowInterestIndex (variableInterestIndex);
// borrow from ETH pool
const borrowAmount = BigInt ( 0 . 5e18 ); // 0.5 ETH
const borrow = await loanManager
. connect (hub)
. borrow (loanId , accountId , pools.ETH.poolId , borrowAmount , stableInterestRate);
return {
admin ,