Summary

The LendingPool contract’s NFT collateral withdrawal design allows an attacker to partially repay debt and then withdraw collateral in such a way that the remaining collateral is insufficient to safely back the outstanding debt. This vulnerability enables a malicious user to manipulate their collateral position, which is contrary to the intended design of maintaining a safe collateralization ratio, and may expose the protocol to undercollateralized positions and increased liquidation risk.

Vulnerability Details

The LendingPool contract permits a scenario where a malicious user, possessing multiple NFTs as collateral, can strategically reduce their outstanding debt through a partial repayment and then withdraw part of their collateral—even when such actions undermine the intended collateralization requirements.

In this scenario, a user with bad debt can “game” the system by:

• Depositing multiple NFTs as collateral.

• Borrowing an amount against the total collateral.

• Partially repaying (e.g., paying only 45% of the debt), thereby reducing nominal debt without proportionally reducing overall risk.

• Withdrawing a portion of the collateral (for example, withdrawing two out of three NFTs) even though the remaining collateral might not sufficiently cover the residual debt at the required liquidation threshold.

• The issue stems from the logic used in the withdrawNFT() function. When a user initiates an NFT withdrawal, the contract computes:

  • The total collateral value (sum of the deposited NFTs).

  • The value of the NFT proposed for withdrawal.

  • The user’s debt (scaled with accrued interest) is adjusted by applying the liquidation threshold via the percentMul utility.

• This evaluates the withdrawal of each NFT independently. This per-withdrawal check may allow a malicious user to withdraw collateral piecewise without considering that subsequent withdrawals further reduce overall collateralization, thereby leaving an undercollateralized position that could become vulnerable if the price of the remaining NFT drops over time.

Proof of Concept: LendingPool Collateral Gaming (3 Months)

This ia a subtle attack, if the attacker knows that one of the NFT he provided as collateral can depreciate based on the market speculation.

Initial Setup

1. Initial State:

   • User deposits 3 NFTs (each valued at 100 USD, total = 300 USD)

   • User borrows 200 USD against this collateral

   • Protocol enforces 80% liquidation threshold

2. After 3 Months:

   • Initial debt of 200 USD grows to 201.70 USD (interest accrued)

   • User repays 90 USD (≈45% of original debt)

   • Remaining debt = 111.70 USD

3. Gaming Steps:

   • User withdraws first NFT:

     • Pre-withdrawal collateral: 300 USD

     • Post-withdrawal collateral: 200 USD

     • Check passes as 200 USD > (111.70 * 1.25)

   • User withdraws second NFT:

     • Pre-withdrawal collateral: 200 USD

     • Post-withdrawal collateral: 100 USD

     • Check passes despite being undercollateralized

4. Final Position:
   Value Extracted:

   • 200 USD (initial borrowed amount)

   • 200 USD (2 withdrawn NFTs)

   • 90 USD (amount repaid)
     = 310 USD total extracted

   Value Abandoned:

   • 100 USD (1 NFT left as collateral)

   • 111.70 USD (remaining debt)
     = 211.70 USD total abandoned

   Net Profit = 98.30 USD

5. Key Observations:

   • Protocol loses ~11.70 USD (debt exceeds remaining collateral)

   • Attack more profitable in shorter timeframe due to less interest accrual

   • Remaining NFT likely to depreciate, increasing potential losses

Test

Output

Initial Position:

Deposited: 3 NFTs (300 USD total)
Borrowed: 200 USD

After 3 Months:

Debt grew to: 201.70 USD (interest accrued)
Repaid: 90 USD
Remaining debt: 111.70 USD

Attacker's Profit Calculation:

Value Gained:

• Initial borrow: 200 USD

• Retrieved 2 NFTs: 200 USD Total Gained = 400 USD

Value Lost/Abandoned:

• Repaid: 90 USD
  Left 1 NFT: 100 USD
  Remaining debt: 111.70 USD

• Total Lost = 301.70 USD
  Net Profit = Value Gained - Value Lost = 400 - 301.70 = 98.30 USD

The attacker profits by:

• Getting immediate access to 200 USD from borrowing

• Only repaying 90 USD (45%)

• Successfully withdrawing 2 NFTs worth 200 USD

• Defaulting on remaining debt of 111.70 USD

• Abandoning 1 NFT worth 100 USD

Impact

• Potential Protocol Insolvency: Sustained gaming may lead to accumulation of bad debt, exposing the protocol to solvency issues.

• Interest Revenue:

  • Users default on high-interest debt and protocol loses expected interest income

  • Revenue projections become unreliable

• Increased Risk of Liquidations: With less collateral backing the remaining debt, legitimate liquidators may struggle to accurately trigger liquidations.

• Economic Model Disruption:

  • Interest accrual becomes meaningless if borrowers can game the system

  • Risk parameters (like liquidationThreshold) become ineffective

  • Protocol's revenue model is undermined

• Undercollateralized Positions: Permits users to reduce collateral below safe levels, making the system vulnerable if asset prices drop.

Tools Used

Manual code review

Recommendations

Allow only full repayment before NFT can be withdrawn from the protocol