[WP-H4] The collateral assets impounded with settleBadDebt()
will be frozen in the insuranceFund
contract
#101
Labels
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
duplicate
This issue or pull request already exists
Lines of code
https://github.com/code-423n4/2022-02-hubble/blob/ed1d885d5dbc2eae24e43c3ecbf291a0f5a52765/contracts/MarginAccount.sol#L373-L380
Vulnerability details
In
MarginAccount.sol#settleBadDebt()
, the collateral assets will be seized and transferred to theinsuranceFund
contract.However, there is no way for the liquidity providers of the
insuranceFund
to get back the collateral assets.In the current implementation, these collateral assets seized during
settleBadDebt()
will be frozen in the contract, in essence. They belong to the liquidity providers and they should be able to retrieve them.https://github.com/code-423n4/2022-02-hubble/blob/ed1d885d5dbc2eae24e43c3ecbf291a0f5a52765/contracts/MarginAccount.sol#L373-L380
Recommendation
Consider adding a new method for the liquidity providers to claim certain collateral assets proportionally to the shares they held.
The text was updated successfully, but these errors were encountered: