Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: high
Invalid

`LendingPool::borrow` Lacks Buffer Liquidity Check Allowing Full Liquidity Drainage

Summary

The `LendingPool::borrow` function fails to enforce the protocol's liquidity buffer ratio, allowing users to borrow all available liquidity and potentially leaving the protocol unable to process withdrawals.

Vulnerability Details

[LendingPool.sol#L325-L369](https://github.com/Cyfrin/2025-02-raac/blob/89ccb062e2b175374d40d824263a4c0b601bcb7f/contracts/core/pools/LendingPool/LendingPool.sol#L325C3-L369C6)

[LendingPool.sol#L92-L93](https://github.com/Cyfrin/2025-02-raac/blob/89ccb062e2b175374d40d824263a4c0b601bcb7f/contracts/core/pools/LendingPool/LendingPool.sol#L92C1-L93C56)

The protocol has a liquidityBufferRatio set to 20% (2000 basis points):

```solidity
uint256 public liquidityBufferRatio = 20_00; // 20%
```

However, the `borrow` function performs collateral checks but never checks that the borrow respects the buffer ratio:

```solidity
function borrow(uint256 amount) external {
    // Checks collateral
    if (collateralValue < userTotalDebt.percentMul(liquidationThreshold)) {
        revert NotEnoughCollateralToBorrow();
    }
    // Missing check for buffer ratio
    // Should have:
    // if (amount > reserve.totalLiquidity * (100 - liquidityBufferRatio) / 100)
    //     revert ExceedsLiquidityBuffer();
}
```

This allows borrowers to drain all liquidity from the protocol, even though 20% should be reserved as a buffer.
Example:

  • Total liquidity: 1000 tokens

  • Buffer requirement: 200 tokens (20%)

  • Maximum borrowable should be: 800 tokens

  • Current implementation allows borrowing all 1000 tokens
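
The arithmetic of the example above, as an added example that is not part of the submission or of the RAAC code base: a toy pool that keeps the ratio in basis points and checks the liquidity remaining after the borrow, so repeated borrows cannot eat into the buffer. The contract name, its state variables, the error arguments and the choice to measure the buffer against total deposits are all assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

/// Toy pool constructed for illustration (not the RAAC LendingPool).
/// Balances are plain counters: no token transfers, collateral or interest.
contract BufferedPoolExample {
    uint256 public constant BPS = 100_00;        // 100% in basis points
    uint256 public liquidityBufferRatio = 20_00; // 20%, same unit as on the page

    uint256 public totalDeposits; // everything depositors have supplied
    uint256 public totalBorrowed; // amount currently lent out

    error ExceedsLiquidityBuffer(uint256 requested, uint256 maxBorrowable);

    function deposit(uint256 amount) external {
        totalDeposits += amount;
    }

    /// Liquidity still sitting in the pool.
    function availableLiquidity() public view returns (uint256) {
        return totalDeposits - totalBorrowed;
    }

    /// Largest borrow that still leaves the buffer in the pool.
    /// Assumption: the buffer is a share of total deposits.
    function maxBorrowable() public view returns (uint256) {
        uint256 requiredBuffer = (totalDeposits * liquidityBufferRatio) / BPS;
        uint256 available = availableLiquidity();
        return available > requiredBuffer ? available - requiredBuffer : 0;
    }

    function borrow(uint256 amount) external {
        uint256 limit = maxBorrowable();
        if (amount > limit) revert ExceedsLiquidityBuffer(amount, limit);
        totalBorrowed += amount;
    }
}
```

With 1000 tokens deposited, `maxBorrowable()` returns 800; after `borrow(800)` it returns 0 and any further borrow reverts with `ExceedsLiquidityBuffer`.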

Impact

The lack of buffer check:

  • Allows complete drainage of protocol liquidity

  • Prevents protocol from maintaining required safety buffer

  • Could block withdrawals from depositors

  • Breaks core protocol features

Tools Used

Foundry

Recommendations

Add the following error to `ILendingPool`:

```solidity
error NotEnoughCollateralToBorrow();
```

Add buffer ratio check in borrow function:

function borrow(uint256 amount) external {
+ if (amount > reserve.totalLiquidity * (100 - liquidityBufferRatio) / 100) {
+ revert ExceedsLiquidityBuffer();
+ }
if (collateralValue < userTotalDebt.percentMul(liquidationThreshold)) {
revert NotEnoughCollateralToBorrow();
}
...
}
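
Review bot: the added condition `(100 - liquidityBufferRatio) / 100` treats the ratio as a percentage, but the page declares `liquidityBufferRatio = 20_00` (basis points), so `100 - liquidityBufferRatio` underflows; under checked arithmetic that reverts every `borrow` call. Use `(10_000 - liquidityBufferRatio) / 10_000` instead. The check also reverts with `ExceedsLiquidityBuffer`, which the recommendation never declares: the error it adds to `ILendingPool` is `NotEnoughCollateralToBorrow`, one the function already uses. Finally, the comparison caps each call against `reserve.totalLiquidity`; if that value does not shrink as funds are lent out, several borrows each under the cap could still pass the buffer, so comparing the liquidity left after the borrow against the required buffer would be safer.
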
Updates

Lead Judging Commences

inallhonesty Lead Judge about 2 months ago
Submission Judgement Published
Validated
Assigned finding tags:

LendingPool::borrow allows borrowing beyond the 20% liquidity buffer ratio, potentially depleting available liquidity and affecting user withdrawals

Appeal created

anonymousjoe Auditor
about 1 month ago
inallhonesty Lead Judge
about 1 month ago
inallhonesty Lead Judge
about 1 month ago
inallhonesty Lead Judge about 1 month ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
Assigned finding tags:

LendingPool::borrow allows borrowing beyond the 20% liquidity buffer ratio, potentially depleting available liquidity and affecting user withdrawals
