Core Contracts

Regnum Aurum Acquisition Corp

HardhatReal World AssetsNFT

77,280 USDC

View results

Previous Next

Submission Details

Severity: medium

Valid

Partially repaid fund during liquidation grace period is lost

glightspeed2

Summary

If user repays part of the debt during liquidation grace period, but fails to clean up the debt, their NFTs will all be liquidated anyway.

Vulnerability Details

Users can deposit NFTs to LendingPool and can borrow crvUSD.

If the position's health factor goes below certain threshold, the liquidation process can start.

The borrower has grace period to repay their debt.

The problem is, the user can close liquidation only if their debt is under dust amount.

function closeLiquidation() external nonReentrant whenNotPaused {

address userAddress = msg.sender;

if (!isUnderLiquidation[userAddress]) revert NotUnderLiquidation();

// update state

ReserveLibrary.updateReserveState(reserve, rateData);

if (block.timestamp > liquidationStartTime[userAddress] + liquidationGracePeriod) {

revert GracePeriodExpired();

}

UserData storage user = userData[userAddress];

uint256 userDebt = user.scaledDebtBalance.rayMul(reserve.usageIndex);

@> if (userDebt > DUST_THRESHOLD) revert DebtNotZero(); // @audit too harsh condition

isUnderLiquidation[userAddress] = false;

liquidationStartTime[userAddress] = 0;

emit LiquidationClosed(userAddress);

}

If the user fails to clean up most of the debt, the liquidation will be finalized anyway after grace period.

The amount user repaid during grace period will all be lost and user's NFTs will all be transferred to StabilityPool and gets liquidated.

Impact

Maybe the issue can be categorized as "user mistake" but this mistake can happen too frequently.

If the user for example, repaid half of the total debt during grace period, and then gets liquidated afterwards, they will lose the repaid money and all the NFTs they deposited into the protocol.

Tools Used

Manual Review

Recommendations

During liquidation grace period, don't allow partial repayment.
Or, implement another health factor threshold (0.6 for example) that can close the liquidation

Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago

Submission Judgement Published

Validated

Assigned finding tags:

LendingPool::finalizeLiquidation() never checks if debt is still unhealthy

Prize pool breakdown

Total prize

77,280 USDC

nSLOC

3,864

20 USDC / LOC

High Medium

74,000

Low

3,280

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!