Liquidation can be exploited by the liquidator to maximize their gains at the expense of the defaulter, resulting in the liquidation of almost all of the defaulter's collateral. To address this, the liquidate code should be updated to ensure that the liquidator can only withdraw an amount that is necessary to help the defaulter recover their account to a healthier state. Currently, the liquidator can use debtToCover to liquidate the entirety of the defaulter's collateral, leaving the defaulter with very little.
Due to excessive liquidation, the user may experience losses of some or all of their tokens, as the liquidation occurs at a discount rather than at par or premium.
Manual Review
To mitigate this issue, it is advisable to modify the code and restrict liquidators to withdraw only the number of tokens required to restore the user's health factor. This safeguard will prevent excessive liquidation and potential losses for the user.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.