Incorrect check will lead to undercollateralized accounts
Summary
Incorrect check will lead to undercollateralized accounts
Vulnerability Details
Upon a user calling LendingPool::withdrawNFT() which essentially withdraws collateral, we have the following check to determine whether he is leaving himself undercollateralized:
The liquidationThreshold is a value under 100%, initially set to 80% during the initialization of the contract. This leads to a completely incorrect result as we are reducing the debt by 20% in the above check.
Let's imagine the scenario with some numbers:
user's collateral is 100$ and user's debt is 120$, he is clearly undercollateralized
the check would be
100 < 120 * 0.8->100 < 96->falsewhich leads to the check passing successfully
Impact
Severely undercollateralized positions are possible which is detrimental to the protocol
Tools Used
Manual Review
Recommendations
The liquidation threshold percentage must be applied to the collateral
Lead Judging Commences
LendingPool::borrow as well as withdrawNFT() reverses collateralization check, comparing collateral < debt*0.8 instead of collateral*0.8 > debt, allowing 125% borrowing vs intended 80%
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.