Unfair Liquidation Logic
Summary
In the LendingPool.sol contract the liquidation logic is unfair because it allows the stability pool to finalize liquidations even when the protocol is paused, while users are unable to close liquidations during the same period.
Vulnerability Details
The vulnerability arises from the protocol's handling of paused states during liquidations. When the protocol is paused, users are unable to close their liquidations, but the stability pool can still finalize liquidations once the grace period expires. This creates an unfair scenario where users are disadvantaged during emergency situations when the protocol is paused.
Impact
In the event of an emergency that causes the protocol to be paused, users will be unable to close their liquidations, potentially leading to the loss of their collateral. Meanwhile, the stability pool can finalize these liquidations, resulting in an unfair advantage. This can lead to financial losses for users and damage the trust and integrity of the protocol.
Tools Used
Manual Review
Recommendations
To mitigate this vulnerability, the protocol should be adjusted to ensure fairness during paused states. There are two potential solutions:
-
Allow users to close their liquidations even when the protocol is paused.
-
Prevent the stability pool from finalizing liquidations when the protocol is paused.
Implementing either of these solutions will ensure that users are not unfairly disadvantaged during emergency situations and maintain the integrity of the protocol.
Lead Judging Commences
Unfair Liquidation As Repayment / closeLiquidation Paused While Liquidations Enabled
Unfair Liquidation As Repayment / closeLiquidation Paused While Liquidations Enabled
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.