Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: medium
Valid

Users would be unfairly liquidated if the protocol is paused and later reactivated after GracePeriod

Summary

Users would be unfairly liquidated if the protocol is paused and later reactivated

Vulnerability Details

The protocol compares Solidity's global block.timestamp against the user's GracePeriod when the user calls the closeLiquidation function to stop a liquidation that has been initiated against them. This is an issue because the function can only be called whenNotPaused, whereas the GracePeriod keeps running for the whole time the function is paused. While closeLiquidation is paused, a user can still call the function _repay and repay their debt, but after repaying the debt the user is unable to call closeLiquidation and stop the liquidation process that has been initiated. If the function is reactivated after the GracePeriod has expired and the user then calls closeLiquidation, the call reverts with the error GracePeriodExpired. The user would then be forcefully liquidated.

@>  function closeLiquidation() external nonReentrant whenNotPaused {
        address userAddress = msg.sender;
        if (!isUnderLiquidation[userAddress]) revert NotUnderLiquidation();
        // update state
        ReserveLibrary.updateReserveState(reserve, rateData);
@>      if (block.timestamp > liquidationStartTime[userAddress] + liquidationGracePeriod) {
            revert GracePeriodExpired();
        }
        UserData storage user = userData[userAddress];
        uint256 userDebt = user.scaledDebtBalance.rayMul(reserve.usageIndex);
        if (userDebt > DUST_THRESHOLD) revert DebtNotZero();
        isUnderLiquidation[userAddress] = false;
        liquidationStartTime[userAddress] = 0;
        emit LiquidationClosed(userAddress);
    }
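
The timeline described above, reproduced as an added Foundry test against a constructed stand-in contract; this is not the protocol's code and not part of the original submission. PoolModel, setPaused, repay, the body of initiateLiquidation, the EnforcedPause error, the 3-day grace period, the simplified debt accounting and the use of forge-std are all assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
import {Test} from "forge-std/Test.sol";
// Constructed stand-in for the pool: pause flag, grace-period bookkeeping and a
// repay stub only. Names that are not in the report's snippet are assumptions.
contract PoolModel {
    error GracePeriodExpired();
    error DebtNotZero();
    error EnforcedPause();
    bool public paused;
    uint256 public constant liquidationGracePeriod = 3 days; // constructed value
    mapping(address => bool) public isUnderLiquidation;
    mapping(address => uint256) public liquidationStartTime;
    mapping(address => uint256) public debt;

    modifier whenNotPaused() { if (paused) revert EnforcedPause(); _; }
    function setPaused(bool p) external { paused = p; }
    function repay() external { debt[msg.sender] = 0; } // callable while paused, as the report states
    function initiateLiquidation(address user) external {
        debt[user] = 100e18; // constructed debt
        isUnderLiquidation[user] = true;
        liquidationStartTime[user] = block.timestamp;
    }
    function closeLiquidation() external whenNotPaused {
        uint256 deadline = liquidationStartTime[msg.sender] + liquidationGracePeriod;
        if (block.timestamp > deadline) revert GracePeriodExpired();
        if (debt[msg.sender] > 0) revert DebtNotZero();
        isUnderLiquidation[msg.sender] = false;
    }
}

contract PausedGracePeriodTest is Test {
    function test_pauseOutlastsGracePeriod() public {
        PoolModel pool = new PoolModel();
        address user = makeAddr("user");
        pool.initiateLiquidation(user);
        pool.setPaused(true);
        vm.startPrank(user);
        pool.repay();                                   // debt cleared inside the grace period
        vm.expectRevert(PoolModel.EnforcedPause.selector);
        pool.closeLiquidation();                        // blocked by the pause
        vm.stopPrank();
        vm.warp(block.timestamp + 3 days + 1);          // the clock kept running during the pause
        pool.setPaused(false);
        vm.prank(user);
        vm.expectRevert(PoolModel.GracePeriodExpired.selector);
        pool.closeLiquidation();                        // now too late
        assertTrue(pool.isUnderLiquidation(user));      // still flagged despite zero debt
    }
}
```

Deleting whenNotPaused from the model's closeLiquidation makes the first call succeed, so the first expectRevert no longer holds and the user is cleared before the pause ends.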

Impact

If the closeLiquidation function is paused, a user is unable to call closeLiquidation and would be forcefully liquidated if the paused duration of the function exceeds their GracePeriod.

Tools Used

Manual Review

Recommendations

The whenNotPaused modifier should be removed from the closeLiquidation function, thereby allowing users to call closeLiquidation and stop the liquidation process after repaying their debt.

- function closeLiquidation() external nonReentrant whenNotPaused {
address userAddress = msg.sender;
+ function closeLiquidation() external nonReentrant {
address userAddress = msg.sender;
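
Review bot: The signature change on the + line is only sufficient if repayment is also callable during a pause, because the body shown earlier still reverts with DebtNotZero when userDebt > DUST_THRESHOLD and with GracePeriodExpired once block.timestamp passes liquidationStartTime[userAddress] + liquidationGracePeriod. Confirm how the repay entry point behaves under the same pause alongside this change, and add a test that pauses, repays and calls closeLiquidation inside the grace period. The context line address userAddress = msg.sender; appears after both the - and the + line and should be a single unchanged line.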
Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Design choice

Appeal created

inallhonesty Lead Judge 6 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Unfair Liquidation As Repayment / closeLiquidation Paused While Liquidations Enabled
