Users under liquidation can deposit further collateral which may lead to financial loss
Summary
In LendingPool, users can deposit collateral NFTs so that they can borrow other assets. When the health factor (ratio of collateral value/debt value for a user) drops below a certain threshold, a liquidation process can be initiated. Once under liquidation, users may decide to deposit further NFTs and technically they will be able to do so, however, the code logic will not allow recalculation of the health factor and the users will lose all their collateral unless they pay the debt. In addition to that, users will also not be able to withdraw the newly deposited NFTs.
Vulnerability Details
In LendingPool we can observe that the depositNFT function is callable even under liquidation:
The health factor is calculated by fetching the prices of NFTs and user debt and performing calculations based on these values:
The only way to cancel the liquidation process is to pay the debts - we can see that the health factor is not recalculated in this function.
Impact
Users under liquidation may assume that further collateral deposits will improve their health factor and consequently cancel the liquidation process, however, their position will still be liquidated.
Tools Used
Manual review
Recommendations
Consider restricting depositNFT so that it can only be called when users are not being liquidated similarly to NFT withdrawals:
Alternatively, allow users to deposit further NFTs and perform a recalculation of the health factor when these actions occur.
Lead Judging Commences
Users can deposit NFTs using LendingPool::depositNFT while under liquidation, leading to unfair liquidation of NFTs that weren't part of original position
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.