Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: low
Invalid

Unbounded Loops within LendingPool

Description

LendingPool::finalizeLiquidation, LendingPool::getUserCollateralValue and LendingPool::withdrawNFT all use unbounded loops for critical operations.

Vulnerability Details

The use of unbounded loops can make execution of functions expensive and, in certain circumstances, if the array is too long, prevent the execution as a whole. Using such loops within critical logic in particular, like the liquidation logic in this case, could be exploited to the degree that a user would not be liquidatable.

Impact

The likelihood of someone being able to buy as many RAACNFTs as it would require to entirely DoS those parts of the logic is incredibly low, and frankly, I'm quite certain this finding can be deemed informational as well, but I decided to report it anyhow because:

  1. If a user were somehow able to buy that many NFTs to DoS liquidation logic, that would most likely be the user for which a liquidation SHOULD NEVER fail.

  2. I originally had (and still have) capital concerns: the financial burden to buy so many NFTs is estimated to be gigantic, but since a user can leverage his existing NFTs to buy more NFTs, there might actually be a chance that big-time investors could actually reach a threshold.

  3. There is nothing mentioned in the docs about where this real estate will be; whether RAAC offers studio-type condos somewhere in SEA or high-end real estate would certainly make a difference when evaluating the feasibility of the mentioned issue.

Anyway, overall this should be a Low or Informational finding; the likelihood is just too small.

Recommended Fix

Bound the loops, maybe limit the max number of NFTs a single account could buy. This would increase the holders' security as well, spreading the investments over several PKeys, and ensure that those loops stay executable. Classic win-win, I guess.
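
An added sketch of the recommended fix, not part of the submission and not RAAC's LendingPool code: the cap is enforced where the per-user array grows, so the loops in withdrawNFT and getUserCollateralValue stay bounded. The contract name, depositNFT, the storage layout, the oracle interface and the cap value are assumptions, and NFT custody transfers are left out.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Hypothetical sketch, not RAAC's LendingPool. Only the function names
// withdrawNFT and getUserCollateralValue come from the finding.
interface IPriceOracle {
    function priceOf(uint256 tokenId) external view returns (uint256);
}

contract BoundedCollateralLedger {
    // Assumed cap; derive a real one from measured gas of the costliest loop.
    uint256 public constant MAX_NFTS_PER_USER = 50;
    IPriceOracle public immutable oracle;
    mapping(address => uint256[]) private userNfts;

    error TooManyNfts(uint256 cap);
    error NotDeposited(uint256 tokenId);

    constructor(IPriceOracle oracle_) { oracle = oracle_; }

    // Bound enforced where the array grows, so every later loop over
    // userNfts[user] runs at most MAX_NFTS_PER_USER iterations.
    function depositNFT(uint256 tokenId) external {
        uint256[] storage ids = userNfts[msg.sender];
        if (ids.length >= MAX_NFTS_PER_USER) revert TooManyNfts(MAX_NFTS_PER_USER);
        ids.push(tokenId);
    }

    // Linear search, capped by the bound; swap-and-pop avoids shifting.
    function withdrawNFT(uint256 tokenId) external {
        uint256[] storage ids = userNfts[msg.sender];
        uint256 len = ids.length;
        for (uint256 i = 0; i < len; ++i) {
            if (ids[i] == tokenId) {
                ids[i] = ids[len - 1];
                ids.pop();
                return;
            }
        }
        revert NotDeposited(tokenId);
    }

    function getUserCollateralValue(address user) external view returns (uint256 total) {
        uint256[] storage ids = userNfts[user];
        uint256 len = ids.length;
        for (uint256 i = 0; i < len; ++i) total += oracle.priceOf(ids[i]);
    }
}
```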

Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Design choice
Assigned finding tags:

LendingPool: Unbounded NFT array iteration in collateral valuation functions creates DoS risk, potentially blocking liquidations and critical operations

LightChaser L-36 and M-02 cover it.
