Moonwell

Summary

Liquidators are incentivized to perform liquidations and contribute to the protocol's solvency through a Liquidation Incentive. This incentive consists of two components:

• 7% Liquidator Bonus: Liquidators receive this incentive for successfully executing liquidations and contributing to the protocol's efficiency.

• 3% Reserve Allocation: A portion of the incentive is allocated to the protocol reserves.

Further more, during liquidation, all of the user's collateral are transferred to the liquidator and accountTokens[user] deleted. If the borrower's collateral exceeds the amount of debt owed, they will not receive any compensation for the additional collateral provided.

Vulnerability Details

This is where the transfer of user collateral to the liquidator happens.

After the transfer, the user's accountTokens[user] gets deleted, zeroing out the user's tokens.

Scenario

Example

• User deposits $1000 of USDC to the protocol as collateral.

• The collateral factor of USDC is 60%.

• Calculate the "Credit Limit"

• Credit Limit = $1000 * 0.6 = $600

Therefore, in this example, the credit limit of $600.

From this, collateral=$1000 which is greater than Credit Limit=$600.
In the event that the user borrows the whole Credit Limit and hit $0 Credit Remaining, they become eligible for liquidation.

Impact

When a liquidator steps in to fix this user, they get to take the whole collateral=$1000 without any surplus, in this case (collateral- Credit Limit =$400) being compensated back to the user.

Tools Used

Manual Review

Recommendations

Consider implementing a mechanism to return excess collateral to borrowers after their debt has been settled and any fees or penalties have been deducted. This ensures that borrowers are not unfairly deprived of their surplus assets.