Core Contracts

Summary

Users who repay their debt during the liquidation grace period but fail to call closeLiquidation() before the grace period ends remain permanently locked in liquidation status. Similarly, users who repay at the exact grace period deadline have no opportunity to close liquidation as closeLiquidation() immediately reverts after expiry. Since repayment alone does not reset isUnderLiquidation to false, affected users are unable to withdraw assets or interact with the protocol as they are deemed to be underliquidation.

Vulnerability Details

After initiateLiquidation is called on a users;

The _repay() function allows users to repay their debt but does not update isUnderLiquidation. Users must manually call closeLiquidation() to reset their liquidation status. If a user repays their debt early in the grace period but forgets to call closeLiquidation(), they miss their only chance to recover. Similarly, If a user repays close to the grace period deadline, they may not have a transaction window to call closeLiquidation().

If the grace period expires after repayment, closeLiquidation() starts reverting:

Once the grace period expires, closeLiquidation() always reverts leaving isUnderLiquidation permanently set to true.

Since these users do not qualify for forced liquidation via the stability pool (as their health factor is healthy after repayment), there is no way for them to exit liquidation.
The isUnderLiquidation flag prevents users from withdrawing NFTs and accessing certain features such as further borrowing.

Impact

Users who repay their debt during grace period of liquidation but fail to close liquidation in time are permanently locked out of withdrawals and further borrowing.

Tools Used

Manual code review

Recommendations

Modify closeLiquidation() to be Called even After Grace Period if Debt is Fully Repaid.