Summary and Impact

The LendingPool contract's liquidation mechanism contains a critical logical error that completely inverts the intended behavior of the protocol's safety system. The initiateLiquidation function's conditional check is backward, causing the function to revert precisely when it should execute and proceed when it should revert.

This fundamentally breaks the protocol's core safety mechanism. Per the documentation, RAAC is designed to "deeply integrate real estate within on-chain finance rails for seamless accessibility, composability, stability and capital efficiency." The liquidation system is essential to maintaining this stability - without it, the entire lending system becomes unsafe as bad debt cannot be cleared.

Looking at the protocol documentation:

• Borrower: NFT Owner that collateralizes their NFT and borrows CRVUSD against them.

• Collector: Contracts that receive swap taxes and similar revenue (FeeCollector).

These roles depend on a functioning liquidation system to maintain protocol solvency. The current implementation makes this impossible.

Vulnerability Details

The issue lies in the liquidation check condition in LendingPool.sol:

The condition if (healthFactor >= healthFactorLiquidationThreshold) means:

1. When health factor is GOOD (>= threshold) -> function reverts

2. When health factor is BAD (< threshold) -> function continues

3. However, the revert message is "HealthFactorTooLow", which is exactly backward

I've created a test demonstrating this:

This means:

1. Underwater positions cannot be liquidated

2. Bad debt accumulates in the system

3. Protocol becomes increasingly insolvent

4. No way to recover collateral from defaulted positions

Tools Used

• Manual Review

• Hardhat

Recommendations

The condition should be reversed to match the intended logic:

This aligns with the protocol's documentation and intended safety mechanisms, allowing liquidations to occur when positions become undercollateralized.