Core Contracts

Summary

Mechanism for closing a liquidation is problematic and will lead to issues

Vulnerability Details

LendingPool has a mechanism where a liquidation is initiated and then there is a grace period. During the grace period, the to be liquidated user can repay his debt and call closeLiquidation() to avoid getting liquidated. If he doesn't repay his debt, he will get liquidated after the grace period.

The issue with the mechanism is that repaying the debt without manually calling closeLiquidation() still leaves the user liquidatable. This creates many different scenarios that can occur which can be problematic, particularly for the user to be liquidated:

• a liquidation can be initiated for a user and then the user repays his debt, he doesn't know there was a liquidation initiated for him, thus he doesn't manually call closeLiquidation(), this will result in the user getting liquidated after the grace period (there is no health check upon finalizing the liquidation) OR if no one liquidates him, he can never borrow again as there is a check whether a user is under a liquidation which will fail

• a user can repay the debt towards the end of the grace period and upon trying to close the liquidation, either due to a network congestion or a malicious entity using block stuffing, the close call might not get through, then the same 2 impacts can occur as the above bullet

Impact

Users can be liquidated and their collateral can be taken unfairly OR they might not be able to borrow ever again

Tools Used

Manual Review

Recommendations

Upon a user repaying, if there is an initiated liquidation for him, then call closeLiquidation() directly for him