Core Contracts
Regnum Aurum Acquisition Corp
HardhatReal World AssetsNFT
77,280 USDC
View results
Previous Next
Submission Details
Severity: high
Invalid

Insufficient Collateral Check in Borrow Function

nourelden

Vulnerability Details

In the borrow function of the LendingPool contract, the collateral check contains an off-by-one error in its inequality comparison. The current implementation uses a strict less-than (<) comparison when verifying if the collateral value meets the liquidation threshold requirement.

This allows a scenario where:

collateralValue == userTotalDebt.percentMul(liquidationThreshold)

to pass the check and enable borrowing, even though this represents the exact liquidation threshold where the position should be considered unsafe.

Impact

  1. Allows creation of immediately liquidatable positions

  2. Users can borrow up to the absolute maximum without safety margin

  3. Puts protocol funds at risk if asset prices decrease even slightly

  4. Violates core protocol safety mechanisms designed to maintain over-collateralization

Recommendations

Modify the inequality check to use less-than-or-equal-to:

- if (collateralValue < userTotalDebt.percentMul(liquidationThreshold)) {
+ if (collateralValue <= userTotalDebt.percentMul(liquidationThreshold)) {
revert NotEnoughCollateralToBorrow();
}
Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!