Bad Debt Generation
Summary
In the LendingPool.sol contract the finalizeLiquidation function does not allow for immediate liquidation if a user's health factor drops below a certain threshold, regardless of the grace period. This can lead to the generation of "bad debt."
Vulnerability Details
The vulnerability arises from the finalizeLiquidation function, which only allows liquidation after a grace period has expired. However, if a user's health factor drops significantly below a certain threshold, they may generate "bad debt" during the grace period. This bad debt can accumulate and negatively impact the protocol's financial health. The current implementation does not provide a mechanism to immediately finalize liquidation when the user's health factor drops below a critical threshold, allowing bad debt to persist.
Impact
By not allowing immediate liquidation when a user's health factor drops below a critical threshold, the protocol may accumulate bad debt. This bad debt can lead to financial instability and losses for the protocol and its users. It undermines the protocol's ability to maintain a healthy and balanced financial state, as users with significantly low health factors can continue to generate debt that cannot be immediately addressed.
Tools Used
Manual Review
Recommendations
To mitigate this vulnerability, introduce a threshold for immediate liquidation in the finalizeLiquidation function. If a user's health factor drops below this threshold, the protocol should allow for immediate liquidation, regardless of the grace period.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.