| SIP | 0087 |
|---|---|
| Title | Loans contract hardening against liquidation circumvention via refund reverts |
| Author | Tyrone Johnson (@tjcloa), cowsant (@cwsnt), devtective (@jjmr007) |
| Status | Approved |
| Track | Contract |
| Created | 2025-09-16 |

This SIP proposes an upgrade to the Loans contract to address a critical vulnerability discovered by a researcher within the Sovryn bug bounty program and reported via Immunefi. The vulnerability allows malicious actors to prevent liquidation or rollover of their unhealthy loans by providing a borrower address that reverts on receiving a refund, thereby creating unliquidatable debt.

A vulnerability was discovered in the Sovryn protocol contract where, during loan closure (via rollover or liquidation), a refund of fees is sent to the borrower. If the fee is collected in RBTC, it is unwrapped and sent directly to the borrower's address. An attacker can exploit this by creating a loan or margin position with a borrower address set to a smart contract that reverts conditionally upon receiving the refund. When forced to close, this causes the entire liquidation or rollover transaction to revert, making the unhealthy loan unliquidatable and potentially harming the protocol's solvency.

To mitigate this vulnerability, the Loans contract will be updated to:

- Implement a safe refund mechanism that does not revert the entire transaction if the refund to the borrower fails.
- If a refund transfer fails (e.g., due to a revert in the recipient contract), the protocol will send the refund amount to the FeeSharingCollector smart contract. This means the failed refund will be distributed to Sovryn voluntary stakers, rather than being lost or stuck.
- This approach ensures that loans can always be rolled over and unhealthy loans liquidated, regardless of the borrower's address behavior, and that any unclaimable refunds are still returned to the Sovryn community.
- Update the protocol contract logic to use a non-reverting refund pattern using the `call` method, handling failure gracefully.
- If a refund transfer fails, forward the refund amount to the FeeSharingCollector contract for distribution to stakers.
- Add an event to log failed refunds and their redirection for transparency.
- PR: DistributedCollective/Sovryn-smart-contracts#559
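
A minimal Solidity sketch of the non-reverting refund with fallback described above, added here as an illustration; it is not the code from the Sovryn PR. The contract name, the `IFeeCollector.receiveRefund` interface, the `RefundRedirected` event, the compiler version and the gas cap are all assumptions.

```solidity
// SPDX-License-Identifier: CC0-1.0
pragma solidity ^0.8.0; // assumed compiler version for this sketch

// Hypothetical interface: the real FeeSharingCollector ABI is not shown on this page.
interface IFeeCollector {
    function receiveRefund(address borrower) external payable;
}

contract SafeRefundSketch {
    // Assumed gas cap for the borrower's receive hook; not a value from the SIP.
    uint256 internal constant REFUND_GAS = 30000;

    IFeeCollector public immutable feeCollector;

    // Logs a refund that could not be delivered and was redirected to stakers.
    event RefundRedirected(address indexed borrower, uint256 amount);

    constructor(IFeeCollector _feeCollector) {
        feeCollector = _feeCollector;
    }

    /// Call only after the loan's state has been updated: the borrower's
    /// code runs during this transfer.
    /// @return delivered true if the borrower accepted the refund.
    function _safeRefund(address borrower, uint256 amount) internal returns (bool delivered) {
        if (amount == 0) return true;
        uint256 gasCap = REFUND_GAS;
        // Low-level CALL with a gas cap and a zero-length output buffer.
        // A revert, a gas-burning loop or oversized return data in the
        // recipient only yields `delivered == false`; nothing bubbles up
        // into the liquidation or rollover transaction.
        assembly {
            delivered := call(gasCap, borrower, amount, 0, 0, 0, 0)
        }
        if (!delivered) {
            // The failed CALL left `amount` in this contract. The fallback
            // target is protocol-controlled, so it is allowed to revert.
            feeCollector.receiveRefund{value: amount}(borrower);
            emit RefundRedirected(borrower, amount);
        }
    }
}
```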

| Loan Module Contracts | Existing addresses | New addresses |
|---|---|---|
| LoanClosingsRollover | 0x2add8EfebD9477222784468f63F27e4cf6B7A8Ea | 0xc7AEa780c8b891e2c101a9ED2f9EaCF87FFdc359 |
| LoanClosingsWith | 0xa9a268388D5c317E5F3EBd7C8e8E6c48a0BaFC9A | 0x47eCc9391fd6f5761B8d24139f36Ce61fF6a9819 |
| LoanClosingsLiquidation | 0xdC74C456457d769399e8DA8b49500E31E5b223Df | 0xd01B701b7b01541C2683617cA2d5B58bB6896524 |
| SwapsImplSovrynSwapLib | 0x98399051DC17bAFb621269A12a63d70b2D615C69 | 0x47Dc479cA058B4BB7C4AD9D56EE3a029236b88A8 |

Copyright and related rights waived via CC0.