Core Contracts

Regnum Aurum Acquisition Corp
HardhatReal World AssetsNFT
77,280 USDC
View results
Submission Details
Severity: high
Invalid

`LendingPool.sol::closeLiquidation()` is missing transfer related operations.

Summary

The purpose of closeLiquidation() is to transfer reserveAsset back to lending pool and claim NFT from pool. But it's not happening in current implementation.

function closeLiquidation() external nonReentrant whenNotPaused {
address userAddress = msg.sender;
if (!isUnderLiquidation[userAddress]) revert NotUnderLiquidation();
// update state
ReserveLibrary.updateReserveState(reserve, rateData);
if (block.timestamp > liquidationStartTime[userAddress] + liquidationGracePeriod) {
revert GracePeriodExpired();
}
// @audit - it's not performing any transfer operation, lacking nft and crvusd transfers.
UserData storage user = userData[userAddress];
uint256 userDebt = user.scaledDebtBalance.rayMul(reserve.usageIndex);
if (userDebt > DUST_THRESHOLD) revert DebtNotZero();
isUnderLiquidation[userAddress] = false;
liquidationStartTime[userAddress] = 0;
emit LiquidationClosed(userAddress);
}

Vulnerability Details

Same as above.

Impact

  • No actual transfer of funds taking place.

  • This closeLiquidation() function can be used by attacker to front-run finalizeLiquidation(), leading to DOS. as it will set former function will set isUnderLiquidation[userAddress] = false;; which will revert for later function.

Tools Used

Manual

Recommendations

Implement actual fund tranfer functions in closeLiquidation() functions.

Updates

Lead Judging Commences

inallhonesty Lead Judge 3 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.