You Have To Know These 13 Critical Liquidation Vulnerabilities
- Published: 7 Oct 2024
- Are you a security researcher looking to join a world-class team? Apply to open positions at Guardian here: guardianaudits...
10:00 Insolvent vs Liquidatable
15:41 #1 Liquidation reverts due to blacklisted tokens
20:59 #2 Liquidation reverts due to zero transfers
22:13 #3 isLiquidatable doesn't account for fees
24:23 #4 Liquidation should be collecting the latest fees
24:57 #5 Liquidation reverts when position becomes insolvent
27:37 #6 Liquidation reverts when a position cannot cover the fees
30:42 #7 Liquidation reverts due to accounting errors
31:24 #8 Liquidations do not prioritize the lowest LTV asset
37:33 #9 Liquidations require too much gas
38:33 #10 Liquidation doesn't prioritize the caller fee
40:17 #11 Liquidations cause users to lose rewards they have accumulated
41:36 #12 Users can force themselves to be liquidatable
45:27 #13 Positions in profit can still be liquidatable
Want to become an expert security researcher in a matter of months?
Get the guide to becoming a senior auditor in 6 months here: www.intogatewa...
Looking for a Smart Contract Audit? Apply to work with the Guardian team on our website: guardianaudits...
Join our community aimed at building and sharing a wealth of blockchain and solidity knowledge to help developers/auditors of all levels transform the web3 ecosystem.
lab.guardianau...
Early on before 6 minutes of the video was reached there was an error in speech. In mentioning the delta between $1 of USDC and $0.90 USDC he made a mistake twice and said $90.00. Just clearing that up for the newcomers. I like your work Owen, keep it up 😊
Haha appreciate it ser!
This was a very helpful video Owen!
10:00 Insolvent vs Liquidatable
15:41 #1 Liquidation reverts due to blacklisted tokens
20:59 #2 Liquidation reverts due to zero transfers
22:13 #3 isLiquidatable doesn't account for fees
24:23 #4 Liquidation should be collecting the latest fees
24:57 #5 Liquidation reverts when position becomes insolvent
27:37 #6 Liquidation reverts when a position cannot cover the fees
30:42 #7 Liquidation reverts due to accounting errors
31:24 #8 Liquidations do not prioritize the lowest LTV asset
37:33 #9 Liquidations require too much gas
38:33 #10 Liquidation doesn't prioritize the caller fee
40:17 #11 Liquidations cause users to lose rewards they have accumulated
41:36 #12 Users can force themselves to be liquidatable
45:27 #13 Positions in profit can still be liquidatable
Ty ser
Very good content, very helpful
Epic as always!
Appreciate you ser 🫡
fire content
@Owen, Please add this video to Ur Playlist "Web3 Security 101"
As always, thank you, Owen, for such a brilliant video.
I have one question, more like a comment. Regarding the strategy shared at the end, can that really be considered high-risk, considering the profit is likely to be insignificant if the position is liquidated immediately upon crossing the insolvency threshold? I understand you mentioned using high leverage, but I'm assuming the following:
- The price of assets has 6 - 8 decimals (going by Chainlink standard).
- The position is liquidated immediately when the smallest decimal unit hits the insolvency threshold.
Unless the platform offers leverage of up to 1e10% (which is unrealistic), it's kind of difficult to see how this could be profitable.
Thanks again for the consistent drop of quality content.
Decimals shouldn't really have an effect here, not sure where the 1e10 figure is coming from
@0xOwenThurm
I believe my confusion stems from the point where the protocol crosses the insolvency threshold. Here are my questions:
- Are we assuming that the protocol still cannot immediately close your position once you cross the insolvency threshold, just as it was unable to do at the liquidation threshold? In other words, does the protocol remain incapable of closing the position until you (the trader) manually do so?
- My initial comment was based on the assumption that the protocol can promptly close the position as soon as it crosses the insolvency threshold, which I now believe may have been wrong.
- The use of decimals and the value 1e10 (which is an arbitrary value) only comes into play if my assumptions were correct. However, it seems I may have misunderstood the original idea.
Great work man. I am just not able to get the rationale behind #4, what do we actually mean by latest fees, as you said interest fee, borrowing fee, I mean in #3 we have already highlighted to account for any type of fees?
In one we need to make sure that the fees do not cause underflow reverts, and in another we need to make sure that the fees are updated to the latest block.timestamp
@0xOwenThurm got it. thanks man
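The two fee points in the exchange above, as an added example that is not from the video or from Guardian: a Python model in which `Revert` and `checked_sub` stand in for Solidity 0.8 checked arithmetic. The position layout, the simple-interest fee, the debt-before-fee settlement order and all numbers are assumptions constructed for illustration.

```python
from dataclasses import dataclass

YEAR, BPS = 365 * 24 * 3600, 10_000

class Revert(Exception):
    """Stands in for a Solidity 0.8 checked-arithmetic revert."""

def checked_sub(a: int, b: int) -> int:
    if b > a:
        raise Revert("underflow")
    return a - b

@dataclass
class Position:  # hypothetical model; amounts in units of one asset
    collateral: int
    debt: int
    fee_bps_per_year: int
    last_accrual: int  # timestamp at which fees were last charged

def pending_fee(p: Position, now: int) -> int:
    # Simple interest owed since last_accrual, i.e. up to the current block.timestamp
    return p.debt * p.fee_bps_per_year * (now - p.last_accrual) // (BPS * YEAR)

def is_liquidatable_stale(p: Position, max_ltv_bps: int) -> bool:
    # Flawed: looks only at stored debt and ignores fees owed since last_accrual
    return p.debt * BPS > p.collateral * max_ltv_bps

def is_liquidatable(p: Position, now: int, max_ltv_bps: int) -> bool:
    return (p.debt + pending_fee(p, now)) * BPS > p.collateral * max_ltv_bps

def liquidate_naive(p: Position, now: int) -> int:
    # Flawed: reverts once collateral < debt + fee, so the worst positions cannot be closed
    return checked_sub(checked_sub(p.collateral, p.debt), pending_fee(p, now))

def liquidate(p: Position, now: int, max_ltv_bps: int) -> dict:
    if not is_liquidatable(p, now, max_ltv_bps):
        raise Revert("position is healthy")
    fee = pending_fee(p, now)                   # latest fees, not a stored snapshot
    repaid = min(p.debt, p.collateral)          # assumption: debt is served first
    fee_paid = min(fee, p.collateral - repaid)  # fee capped at what is left
    return {"repaid": repaid, "fee_paid": fee_paid,
            "refund": p.collateral - repaid - fee_paid,
            "bad_debt": p.debt - repaid}

def reverts(fn, *args) -> bool:
    try:
        fn(*args)
    except Revert:
        return True
    return False

POS = Position(collateral=1000, debt=790, fee_bps_per_year=1000, last_accrual=0)  # constructed
```

With an 80% max LTV, the stale check still reports `POS` as healthy one year after the last accrual, while the fee-aware check flags it; after three years the naive settlement reverts and the capped one still closes the position.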
💙
Amazing content, fren! Could u please share the name of the protocol you were reviewing in this video?
❤