In the LendingPool contract, users who try to deposit an NFT (collateral) to raise their healthFactor and avoid liquidation can be front-run by anyone. The front-runner puts them underLiquidation, and their NFT (collateral) is still deposited, because depositNFT() has no validation for users undergoing liquidation.
Users whose health factor goes below healthFactorLiquidationThreshold can be liquidated. To avoid this, they can call depositNFT() to raise their health factor by depositing NFT collateral.
However, there is an issue here. The function initiateLiquidation() can be called by ANYONE. Therefore, if a person is close to getting liquidated, they may choose to call depositNFT() to raise their collateral value.
If someone front-runs the user by calling initiateLiquidation() before the user calls depositNFT(), they will succeed in putting the user under liquidation, and at the same time the user will still deposit their NFT collateral in the LendingPool.
Now the user will have to spend much MORE funds within the GRACE PERIOD (3 days) to repay their debt and avoid liquidation, which could potentially result in their collateral being taken away.
Another issue is that, even though the collateral deposited is NOW sufficient to cover the health factor threshold, this is NOT considered when finalizeLiquidation() is called from StabilityPool.
This results in the user losing their NFT collateral.
Users will lose their NFT collateral.
Manual
Consider adding a validation check in depositNFT() for users who are under liquidation.
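The ordering problem described above can be replayed in a small model. This is an added example, not the protocol's Solidity code: the health-factor formula, the threshold value, the grace-period check in finalize_liquidation() and the guard flag (one possible form of the recommended validation) are all assumptions.

```python
# Simplified Python model of the flow above; NOT the protocol's Solidity code.
# Assumed: HF = collateral value / debt, threshold 1.0, grace check, `guard` flag.
THRESHOLD = 1.0                 # stands in for healthFactorLiquidationThreshold
GRACE_PERIOD = 3 * 24 * 3600    # 3-day grace period from the write-up

class Revert(Exception):
    """Models a reverted transaction."""

class LendingPoolModel:
    def __init__(self, guard=False):
        self.guard = guard            # True: depositNFT() rejects users under liquidation
        self.collateral = {}          # user -> NFT values held by the pool
        self.debt = {}                # user -> outstanding debt
        self.liquidation_start = {}   # user -> start time; key present = under liquidation

    def health_factor(self, user):
        return sum(self.collateral.get(user, [])) / self.debt[user]

    def deposit_nft(self, user, value):
        if self.guard and user in self.liquidation_start:
            raise Revert("user is under liquidation")
        self.collateral.setdefault(user, []).append(value)

    def initiate_liquidation(self, caller, user, now):
        # No restriction on `caller`: anyone may start a liquidation.
        if self.health_factor(user) >= THRESHOLD:
            raise Revert("health factor above threshold")
        self.liquidation_start[user] = now

    def finalize_liquidation(self, user, now):
        # Access control (StabilityPool only) omitted. As in the write-up, the
        # health factor is not re-checked here, so a late deposit does not help.
        if now <= self.liquidation_start[user] + GRACE_PERIOD:
            raise Revert("grace period not over")
        del self.liquidation_start[user]
        return self.collateral.pop(user, [])   # all collateral is seized

def replay(guard):
    """Ordering from the write-up: initiateLiquidation() lands before depositNFT()."""
    pool = LendingPoolModel(guard)
    pool.collateral["user"], pool.debt["user"] = [90], 100   # constructed: HF 0.9
    pool.initiate_liquidation("anyone", "user", now=0)
    try:
        pool.deposit_nft("user", 50)   # the rescue deposit, executed second
        deposited = True
    except Revert:
        deposited = False
    hf = pool.health_factor("user")
    return deposited, hf, pool.finalize_liquidation("user", now=GRACE_PERIOD + 1)
```

Without the guard the rescue NFT is accepted, the health factor recovers above the threshold, and both NFTs are still seized at finalization; with the guard the deposit reverts and the second NFT stays with the user.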