Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: high
Invalid

User can be unliquidatable

Summary

The finalizeLiquidation function in the LendingPool contract contains an unbounded loop that processes all of a user's deposited NFTs in a single transaction. If a user has deposited a large number of NFTs, the gas required to process this loop could exceed the block gas limit, causing the function to fail with an "out of gas" error.

Details

Normally, since NFTs are houses, one user holding hundreds of house NFTs doesn’t seem that feasible. But I look at the real world, and think of a scenario where an organization is just buying more and more houses for a business, either renting them, or for some other reasons. Or, a collective multisig buying a whole bunch of house NFTs for a collective living arrangement. In that case, there’s a chance that that very user, in the scenario where they are liquidatable, cannot be liquidated due to OOG on LendingPool::finalizeLiquidation.

Look at this block in the finalizeLiquidation function:

    // Transfer NFTs to Stability Pool //@audit possible OOG
    for (uint256 i = 0; i < user.nftTokenIds.length; i++) {
        uint256 tokenId = user.nftTokenIds[i];
        user.depositedNFTs[tokenId] = false;
        raacNFT.transferFrom(address(this), stabilityPool, tokenId);
    }
    delete user.nftTokenIds;

Imagine that the collective multisig that’s holding all those NFT houses should be liquidated for this or that reason. Since this function is the only way to do so, in the case of large NFT sums, this function will always revert due to OOG. The user could never be liquidated, putting the protocol into bad debt and causing insolvency.

Just as an example, think of how expensive the transferFrom function will get, each and every time.

Impact

If a user deposits a sufficiently large number of NFTs as collateral, their position could become "unliquidatable" due to the gas limitations. This breaks a core mechanism of the protocol and could lead to bad debt that cannot be recovered, threatening the protocol's solvency.

Recommendation

I think the best way to approach this issue could be to handle NFTs in batches, or instead of immediately transferring the NFT in the loop, you can use a pull method where you write it somewhere else, and add a function that would transfer the required NFTs separately.
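
The split described in the recommendation, as an added Solidity sketch that is not part of the original submission or of the RAAC code base: finalization becomes constant-gas bookkeeping and the NFT transfers move to a separate function that handles a caller-chosen batch per transaction. The `seized` flag, `sweepCollateral`, `depositNFT` and the access check are hypothetical names and assumptions; debt accounting is left out.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;
interface IERC721Minimal {
    function transferFrom(address from, address to, uint256 tokenId) external;
}
// Added sketch, not the RAAC LendingPool. `seized`, `sweepCollateral` and the
// access check are hypothetical; debt accounting is omitted.
contract BatchedLiquidationSketch {
    struct UserData {
        uint256[] nftTokenIds;
        mapping(uint256 => bool) depositedNFTs;
        bool seized; // set once liquidation is finalized
    }
    IERC721Minimal public immutable raacNFT;
    address public immutable stabilityPool;
    mapping(address => UserData) private users;

    constructor(IERC721Minimal nft_, address stabilityPool_) {
        raacNFT = nft_;
        stabilityPool = stabilityPool_;
    }

    function depositNFT(uint256 tokenId) external {
        UserData storage user = users[msg.sender];
        require(!user.seized, "position seized"); // no changes after seizure
        user.nftTokenIds.push(tokenId);
        user.depositedNFTs[tokenId] = true;
        raacNFT.transferFrom(msg.sender, address(this), tokenId);
    }

    // Step 1: constant gas regardless of how many NFTs the user deposited.
    function finalizeLiquidation(address userAddress) external {
        require(msg.sender == stabilityPool, "only stability pool");
        users[userAddress].seized = true;
    }

    // Step 2: move at most maxCount NFTs per call. The destination is fixed,
    // so any caller may run it; repeat until it returns 0.
    function sweepCollateral(address userAddress, uint256 maxCount) external returns (uint256 remaining) {
        UserData storage user = users[userAddress];
        require(user.seized, "not finalized");
        for (uint256 i = 0; i < maxCount && user.nftTokenIds.length > 0; i++) {
            uint256 tokenId = user.nftTokenIds[user.nftTokenIds.length - 1];
            user.nftTokenIds.pop();
            user.depositedNFTs[tokenId] = false;
            raacNFT.transferFrom(address(this), stabilityPool, tokenId);
        }
        return user.nftTokenIds.length;
    }
}
```

Any withdraw or borrow path in a real pool would need the same `seized` check as `depositNFT`, so the position cannot change between finalization and the last sweep.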

Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago
Submission Judgement Published
Invalidated
Reason: Design choice
Assigned finding tags:

LendingPool: Unbounded NFT array iteration in collateral valuation functions creates DoS risk, potentially blocking liquidations and critical operations

LightChaser L-36 and M-02 cover it.
