Core Contracts
Regnum Aurum Acquisition Corp
HardhatReal World AssetsNFT
77,280 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

Redundant User Liquidation Fields in userData Struct in LendingPool

bshyuunn

01. Relevant GitHub Links

02. Summary

In the LendingPool contract, there is a userData mapping that stores user information in a UserData struct. This struct contains two liquidation-related fields (underLiquidation and liquidationStartTime), but these values are never actually used or updated in the code. Instead, the contract relies on two separate mappings, isUnderLiquidation and liquidationStartTime, to track a user’s liquidation status. Because userData is publicly accessible, off-chain applications or external systems might rely on the unused fields and risk referencing outdated or incorrect data.

03. Vulnerability Details

Within the contract, userData is declared as:

mapping(address => UserData) public userData;

And the UserData struct includes:

struct UserData {
uint256 scaledDebtBalance;
uint256[] nftTokenIds;
mapping(uint256 => bool) depositedNFTs;
bool underLiquidation;
uint256 liquidationStartTime;
}

However, the contract actually updates and references:

mapping(address => bool) public isUnderLiquidation;
mapping(address => uint256) public liquidationStartTime;

The two fields in UserData (underLiquidation and liquidationStartTime) are never used or updated. Because userData is a public mapping, users or off-chain services may inadvertently rely on the outdated UserData fields, causing confusion or incorrect assumptions about a user’s liquidation status.

04. Impact

  • Users or third-party services referencing userData[addr].underLiquidation or userData[addr].liquidationStartTime could be misled since these fields do not reflect the actual contract state.

  • Any off-chain logic built around these unused fields could produce erroneous decisions (e.g., incorrectly assuming a user is or is not under liquidation).

05. Tools Used

Manual Code Review and Foundry

06. Recommended Mitigation

mapping(address => UserData) public userData;
struct UserData {
uint256 scaledDebtBalance;
uint256[] nftTokenIds;
mapping(uint256 => bool) depositedNFTs;
- bool underLiquidation;
- uint256 liquidationStartTime;
}
Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!