Core Contracts
Regnum Aurum Acquisition Corp
HardhatReal World AssetsNFT
77,280 USDC
View results
Previous Next
Submission Details
Severity: high
Valid

StabilityPool has no source of crvUSD, thus unable to liquidate underwater positions

shuernchua

Summary

Underwater positions in the LendingPool are unable to be liquidated because the StabilityPool has no source of crvUSD

Vulnerability Details

  1. The owner or manager of the StabilityPool is in charge of calling liquidateBorrower() in the StabilityPool contract to finalize the liquidation process.

  2. In the liquidateBorrower() function, the StabilityPool will first approve the LendingPool to spend scaledUserDebt of crvUSD as seen here.

  3. It will then call finalizeLiquidation() in the LendingPool as seen here.

  4. In finalizeLiquidation(), the LendingPool transfers crvUSD from the StabilityPool to the RToken contract as seen here.

  5. However, there is no incentive for users to deposit crvUSD into the StabilityPool contract, and no other contract is in charge of supplying StabilityPool with crvUSD.

  6. Due to the absence of crvUSD in the StabilityPool, underwater positions in the LendingPool can never be liquidated.

Impact

Underwater positions cannot be liquidated.

Tools Used

Manual Review

Recommendations

Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Validated
Assigned finding tags:

StabilityPool design flaw where liquidations will always fail as StabilityPool receives rTokens but LendingPool expects it to provide crvUSD

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!