Core Contracts
Regnum Aurum Acquisition Corp
HardhatReal World AssetsNFT
77,280 USDC
View results
Previous Next
Submission Details
Severity: low
Valid

Liquidation Process Limited to Stability Pool

mill1995

Summary

The LendingPool contract implements a restrictive liquidation mechanism where only the Stability Pool contract can execute liquidations. This design choice deviates from industry standards and could lead to inefficiencies in the liquidation process.

Vulnerability Details

The liquidation process is controlled through the onlyStabilityPool modifier in the finalizeLiquidation() function:

function finalizeLiquidation(address userAddress) external nonReentrant onlyStabilityPool {}

This creates a centralized point of control where only one entity can perform liquidations, contrary to traditional DeFi lending platforms like Aave or Compound where liquidations are permissionless and can be executed by any external party.

Impact

  • The RAAC Team needs to monitor all Borrow activities to handle liquidations in time

  • Single point of failure through Stability Pool

  • Increased risk during high market volatility

  • Potential for delayed liquidations if Stability Pool is congested

Tools Used

  • Manual Review

Recommendations

Implement a permissionless liquidation mechanism + an incentive to call the liquidate function.

Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Design choice

Appeal created

inallhonesty Lead Judge 6 months ago
Submission Judgement Published
Validated
Assigned finding tags:

No incentive to liquidate

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!