Core Contracts
Regnum Aurum Acquisition Corp
HardhatReal World AssetsNFT
77,280 USDC
View results
Previous Next
Submission Details
Severity: medium
Invalid

Unsafe Health Factor Liquidation Threshold Updates Can Lead to Immediate User Liquidations

3n0ch

Relevant Context

The LendingPool contract allows users to deposit NFTs as collateral and borrow against them. The health factor is a key metric that determines if a user's position is healthy or subject to liquidation. The healthFactorLiquidationThreshold parameter defines the minimum health factor below which a position becomes liquidatable.

Finding Description

The setParameter() function allows the owner to update various protocol parameters, including the healthFactorLiquidationThreshold. However, there are no restrictions on increasing this threshold, and changes take effect immediately. This means the owner can arbitrarily increase the threshold, potentially making previously healthy positions immediately eligible for liquidation.

The health factor is calculated in calculateHealthFactor() as:

(collateralThreshold * 1e18) / userDebt

When the health factor falls below healthFactorLiquidationThreshold, users become eligible for liquidation through initiateLiquidation().

Impact Explanation

High. An unsafe increase in healthFactorLiquidationThreshold could force otherwise healthy positions into liquidation without giving users time to adjust their positions. This could lead to significant financial losses for users who suddenly find their positions liquidatable without warning.

Likelihood Explanation

Low. Even in cases where the healthFactorLiquidationThreshold needs to be increased for legitimate protocol adjustments, most user positions would likely maintain healthy ratios well above the threshold. This is because:

  1. Users typically maintain conservative collateral ratios as a safety buffer

  2. The protocol's base liquidation threshold of 80% already provides a significant cushion

  3. Any necessary threshold increases would likely be small and gradual to maintain protocol stability

Therefore, while the impact of an unsafe threshold increase could be severe, the likelihood of it affecting a large number of user positions is low under normal protocol operations.

Proof of Concept

  1. Alice deposits NFT collateral worth 100 ETH and borrows 50 ETH

  2. With current healthFactorLiquidationThreshold = 1e18, Alice's position is healthy with a health factor of 1.6e18

  3. Owner calls setParameter(OwnerParameter.HealthFactorLiquidationThreshold, 1.7e18)

  4. Alice's position immediately becomes liquidatable as her health factor (1.6e18) is now below the new threshold (1.7e18)

  5. Anyone can call initiateLiquidation() on Alice's position

Recommendation

Add safety measures when updating the healthFactorLiquidationThreshold:

  1. Only allow decreasing the threshold.

  2. If increases are necessary, implement a timelock mechanism that delays the effect of the increase, giving users time to adjust their positions.

function setParameter(OwnerParameter param, uint256 newValue) external override onlyOwner {
if (param == OwnerParameter.HealthFactorLiquidationThreshold) {
+ require(newValue <= healthFactorLiquidationThreshold, "Can only decrease threshold");
healthFactorLiquidationThreshold = newValue;
emit LiquidationParametersUpdated(liquidationThreshold, healthFactorLiquidationThreshold, liquidationGracePeriod);
}
// ... rest of the function
}
Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!