Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: medium
Invalid

Exploitable Dust Debt in `closeLiquidation` Leading to Potential Protocol Insolvency

Summary

A vulnerability exists in the closeLiquidation function where users can exploit a dust threshold (DUST_THRESHOLD = 1e6) to avoid fully repaying their debt. This could result in a systematic accumulation of uncollectable bad debt, leading to protocol insolvency and preventing full withdrawals for the last users.


Vulnerability Details

The closeLiquidation function allows users to exit liquidation status by ensuring their debt is below the DUST_THRESHOLD. However, due to the way this threshold is implemented, a user can intentionally leave a small portion of debt unpaid (less than DUST_THRESHOLD) and repeatedly exploit this behavior to avoid fully repaying their obligations. Over time, these small unpaid debts accumulate, creating a systemic risk where the protocol accrues bad debt.

Code Reference:

    function closeLiquidation() external nonReentrant whenNotPaused {
        address userAddress = msg.sender;
        if (!isUnderLiquidation[userAddress]) revert NotUnderLiquidation();
        // update state
        ReserveLibrary.updateReserveState(reserve, rateData);
        if (block.timestamp > liquidationStartTime[userAddress] + liquidationGracePeriod) {
            revert GracePeriodExpired();
        }
        UserData storage user = userData[userAddress];
        uint256 userDebt = user.scaledDebtBalance.rayMul(reserve.usageIndex);
        // **Vulnerable Check**
        if (userDebt > DUST_THRESHOLD) revert DebtNotZero();
        isUnderLiquidation[userAddress] = false;
        liquidationStartTime[userAddress] = 0;
        emit LiquidationClosed(userAddress);
    }

Exploitation Scenario:

  1. A user accumulates a large debt and is marked for liquidation.

  2. Before finalizing liquidation, the user repays most of their debt but ensures the remaining amount is just below the DUST_THRESHOLD.

  3. They call closeLiquidation(), which allows them to exit liquidation status without paying off the remaining small debt.

  4. The process repeats, allowing multiple users to accumulate unpaid small debts.

  5. Over time, the protocol accrues uncollectable debt, leading to insolvency where the last users may be unable to withdraw funds fully.


Impact

  • Accumulation of Bad Debt: Malicious users can repeatedly exploit this loophole, leaving behind small unpaid debts.


Suggested Fixes

  1. Require Full Repayment Before Exiting Liquidation:

    • Modify the closeLiquidation function to ensure that all debt is cleared, even amounts below the DUST_THRESHOLD.

    • Example Fix:

    if (userDebt > 0) revert DebtNotZero();

Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

closeLiquidation allows users to exit liquidation with debt under DUST_THRESHOLD (1e6), potentially accumulating bad debt across multiple users over time

The dust amount remains as debt of the user. This continues to accrue interest and will block complete NFT withdrawals if left unpaid.
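The accounting discussed in the submission and the judgement can be checked with a small off-chain model. This is an added example, not code from the submission or the protocol: it assumes `rayMul` rounds half-up (Aave-style ray math), the account data is constructed, and `residualDust` is a hypothetical monitoring helper.

```javascript
// Added model, not the protocol's code. Amounts are BigInt in the debt token's smallest unit.
const RAY = 10n ** 27n;
const DUST_THRESHOLD = 10n ** 6n; // value quoted on the page

// Assumption: rayMul rounds half-up, as in Aave-style ray math.
const rayMul = (a, b) => (a * b + RAY / 2n) / RAY;

// Debt as closeLiquidation computes it: scaledDebtBalance.rayMul(usageIndex).
const currentDebt = (scaledDebtBalance, usageIndex) => rayMul(scaledDebtBalance, usageIndex);

// The page's check (strict = false) and the suggested fix (strict = true).
function canCloseLiquidation(scaledDebtBalance, usageIndex, strict = false) {
  const limit = strict ? 0n : DUST_THRESHOLD;
  return currentDebt(scaledDebtBalance, usageIndex) <= limit;
}

// Hypothetical monitoring helper: accounts that are out of liquidation but
// still owe a non-zero amount at or below the threshold, and the total owed.
function residualDust(accounts, usageIndex) {
  let count = 0;
  let total = 0n;
  for (const a of accounts) {
    const debt = currentDebt(a.scaledDebtBalance, usageIndex);
    if (!a.underLiquidation && debt > 0n && debt <= DUST_THRESHOLD) {
      count += 1;
      total += debt;
    }
  }
  return { count, total };
}

// Constructed sample data.
const INDEX_T0 = RAY;               // usageIndex = 1.0
const INDEX_T1 = (RAY * 11n) / 10n; // usageIndex = 1.1 after interest accrual
const accounts = [
  { scaledDebtBalance: 999_999n, underLiquidation: false },   // closed with dust left
  { scaledDebtBalance: 0n, underLiquidation: false },         // fully repaid
  { scaledDebtBalance: 5_000_000n, underLiquidation: true },  // still in liquidation
];

console.log(residualDust(accounts, INDEX_T0));                 // dust still on the ledger
console.log(currentDebt(999_999n, INDEX_T1));                  // same dust after accrual
console.log(canCloseLiquidation(999_999n, INDEX_T1));          // no longer under the threshold
```

The scaled balance is never written off by the threshold check, so the residual amount stays attributed to the borrower and grows with `usageIndex`.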

