The user can be liquidated as soon as the contract is unpaused, leaving no chance for repayment
Summary
As part of the LendingPool.sol, if the liquidation has already been initiated, the protocol is paused, and the initial liquidation grace period expires in the meantime, the user can be immediately liquidated once the protocol is unpaused, shortening the initial grace period and reducing the user's chances to repay their debt
Vulnerability Details
Inside the LendingPool contract, users can borrow funds against their collateral. The liquidation process occurs in two steps. First, liquidation is initiated, marking the user's position as liquidatable. However, the user has a three-day grace period to repay their debt and close the liquidation. If the protocol is paused at any time during the grace period, the user will not be able to repay their debt. After the initial grace period has expired (while the protocol is paused), the user will be liquidated immediately once the protocol is unpaused, leaving the user with no chance to repay their debt and shortening their grace period.
NOTE: The current implementation allows liquidation to finalize even if the LendingPool is paused, which is another case. However, assuming that liquidation finalization is not possible when the LendingPool is paused, this scenario will still play out.
POC
Imagine the following scenario:
The initial grace period is set to 3 days.
The user becomes eligible for liquidation (for whatever reason).
1 day passes.
The LendingPool gets paused.
2 additional days pass.
The initial grace period (3 days) expires.
The protocol gets unpaused.
Liquidation is finalized immediately.
The consequence of this scenario is the unfair shortening of the initial grace period from 3 days to 1 day, during which the user had an actual opportunity to repay their debt.)
Impact
Medium - since the repayment window can be unfair for the borrowers if the protocol is paused during the grace period (after the liquidation has been initiated)
Tools Used
VS Code
Recommendations
When unpausing the LendingPool, consider adding additional time (e.g., 1 day) to the initial grace period to ensure fairness and provide users with the opportunity to repay their debts after the contract is unpaused
Lead Judging Commences
Unfair Liquidation As Repayment / closeLiquidation Paused While Liquidations Enabled
Unfair Liquidation As Repayment / closeLiquidation Paused While Liquidations Enabled
Appeal created
Unfair Liquidation As Repayment / closeLiquidation Paused While Liquidations Enabled
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.