Core Contracts

Regnum Aurum Acquisition Corp

HardhatReal World AssetsNFT

77,280 USDC

View results

Previous Next

Submission Details

Severity: medium

Invalid

When `LendingPool` is paused, the user who were put to liquidation cannot repay and will be liquidated if the unpausing happens when their grace period ends

CODESPECT

Summary

In LendingPool, when a user becomes under liquidation, he has a certain grace period to repay his debt before his liquidation gets finalized. However, if the contract is paused, the user can't repay his debt and the grace period is passing. During LendingPool pauses, all under liquidation users can lose their grace period to repay their debt and instantly become liquidated when the contract gets unpaused.

Vulnerability Details

The liquidation process in LendingPool has 3 steps:

initiateLiquidation puts an address with a bad health factor under liquidation. This address now has liquidationGracePeriod time to repay his debt.
Grace period time is when the address can repay the debt and call closeLiquidation which will remove the address from being under liquidation.
If grace period has passed, finalizeLiquidation can be called to complete the process.

However, if the protocol is paused, the user can neither call repay or closeLiquidation as they are protected by the whenNotPaused modifier:

@> function repay(uint256 amount) external nonReentrant whenNotPaused onlyValidAmount(amount) {

_repay(amount, msg.sender);

}

function repayOnBehalf(uint256 amount, address onBehalfOf)

external

nonReentrant

@> whenNotPaused

onlyValidAmount(amount)

{

if (!canPaybackDebt) revert PaybackDebtDisabled();

if (onBehalfOf == address(0)) revert AddressCannotBeZero();

_repay(amount, onBehalfOf);

}

@> function closeLiquidation() external nonReentrant whenNotPaused {

address userAddress = msg.sender;

if (!isUnderLiquidation[userAddress]) revert NotUnderLiquidation();

// update state

ReserveLibrary.updateReserveState(reserve, rateData);

if (block.timestamp > liquidationStartTime[userAddress] + liquidationGracePeriod) {

revert GracePeriodExpired();

}

Impact

When the protocol gets paused, all under liquidation addresses are unable to repay and closeLiquidation. However, the grace period keeps passing which means that when the protocol gets unpaused many users will be able to have their liquidations finalized without the opportunity of closing them, as they are supposed to.

Tools Used

Manual review

Recommendations

Possibly rethink the liquidation process and not allow a grace period for any user. Another solution is to internally keep track of the time the protocol gets paused and extend the current liquidations by that time.

Updates

Lead Judging Commences

inallhonesty Lead Judge 6 months ago

Submission Judgement Published

Invalidated

Reason: Design choice

Prize pool breakdown

Total prize

77,280 USDC

nSLOC

3,864

20 USDC / LOC

High Medium

74,000

Low

3,280

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.