Core Contracts

Regnum Aurum Acquisition Corp

HardhatReal World AssetsNFT

77,280 USDC

View results

Previous Next

Submission Details

Severity: medium

Valid

Partial liquidation is not possible if `StabilityPool` has insufficient funds

alexczm

Summary

Liquidation works on all or nothing basis. If StabilityPool doesn't have enough assets to cover the debt, the liquidation reverts.
The lack of a partial liquidation feature leads to the accumulation of interest on the debt, eventually resulting in bad debt.

Vulnerability Details

Users can deposit RAACNft as colateral in LendingPool and borrow against it. If their health factor becomes unhealthy, the liquidation is started. After grace period expires, onlyManagerOrOwner can call liquidateBorrower.

function liquidateBorrower(address userAddress) external onlyManagerOrOwner nonReentrant whenNotPaused {

_update();

// Get the user's debt from the LendingPool.

uint256 userDebt = lendingPool.getUserDebt(userAddress);

uint256 scaledUserDebt = WadRayMath.rayMul(userDebt, lendingPool.getNormalizedDebt());

if (userDebt == 0) revert InvalidAmount();

uint256 crvUSDBalance = crvUSDToken.balanceOf(address(this));

@> if (crvUSDBalance < scaledUserDebt) revert InsufficientBalance();

...

}

This function checks if StabilityPool has enough funds to cover the debt and, if not, it reverts.
StabilityPool doesn't implement a partial liquidation function, resulting in an inability to reduce the unhealthy positions size.

Impact

Protocol can't reduce the size of unhealthy positions, leading to the accumulation of more debt than necessary. Over time, this may result in the accumulation of bad debt.

Tools Used

Recommendations

Implement a new function in StabilityPool that allows onlyManagerOrOwner to partially liquidate an unhealthy position. LendingPool::finalizeLiquidation should be updated, or a new similar function to be implemented to reduce a borrower's position by a given amount and transfer only selected NFT/ NFTs to StabilityPool.

Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago

Submission Judgement Published

Validated

Assigned finding tags:

StabilityPool has no ability to liquidate large positions due to all-or-nothing design - partial liquidation not supported, risking protocol insolvency

Prize pool breakdown

Total prize

77,280 USDC

nSLOC

3,864

20 USDC / LOC

High Medium

74,000

Low

3,280

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.