The calculation of debt does not consider the full interest fee, resulting in less debt than expected during liquidation.
Summary
The function LendingPool::closeLiquidation allows users to repay their debt and make their position non-liquidatable.
Vulnerability Details
In the function LendingPool::closeLiquidation, the debt is calculated as follows:
However, if we analyze how user.scaledDebtBalance is accounted for, it is computed as:
borrowedAmount / index
This method calculates the less than the debt actually the user have let's take with the example,
Let's say user takes a debt of 10,000 tokens, with currentIndex = 1.09,
Later when the currentIndex = 1.14 the debt will be ,
While the actual interest the user has to pay is = (1.14 - 1.09) \* 10,000 = 500(interest)
Hence the calculated Debt(Interest+ debt) will always be less that it should be.
This incorrect calculation also appears in the function:
As a result, even if a position is liquidatable, it may not be liquidated, leading to potential losses for the protocol. As the debt calculated will be less than the real debt.
Impact
The incorrect debt calculation prevents liquidations, allowing undercollateralized positions to remain open, which can lead to protocol insolvency and financial losses. Malicious users may exploit this to accumulate bad debt, putting lenders and liquidity providers at risk.
Tools Used
Manual Review
Recommendations
Correct the debt calculation by ensuring that
user.scaledDebtBalanceis multiplied by the index twice.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.