Decent Grape Shell - Liquidators can seize the mTokens from a borrower even though the borrower hasnt entered the mToken market. #1472
Description
Decent Grape Shell
Medium
Liquidators can seize the mTokens from a borrower even though the borrower hasnt entered the mToken market.
Summary
Liquidators can seize the mTokens from a borrower even though the borrower hasnt entered the mToken market.
A user can receive mTokens via transfer and decides not to be used for collatteral. These mTokens will not be calculated for its healthCheck unless the user decided to enter the mToken market. code
But liquidator can seize these mTokens as collatteral if borrowers position position become liquidatable in other market where borrower is active.
Root Cause
Code is not checking whether the borrower has entered the mToken market with their mToken holdings. It just evaluate its balacnes before letting the liquidator to seize() code
require(ImToken(mTokenCollateral).balanceOf(borrower) >= seizeTokens, mt_LiquidateSeizeTooMuch());Internal Pre-conditions
nil
External Pre-conditions
nil
Attack Path
Liuidator can provide mToken collateral as mTokenA to liquidate a borrower even though the borrower doesnt enter mTokenA market but holds mTokenA.
As a result mTokenA will get seized from borrower.
Impact
users who dont enter the mToken market will still get seized for their mToken holdings.
PoC
nil