A vulnerability stems from the LendingPool contract, where the protocol can enter a state in which payments are paused while liquidations remain partially enabled. The repay and repayOnBehalf functions are disabled when the contract is paused, which may prevent borrowers from paying their debt to improve their health factor. However, finalizeLiquidation lacks a pause check, allowing the StabilityPool to liquidate positions whose liquidation was initiated before the pause. This creates an unfair scenario where borrowers are unable to mitigate liquidation risk, yet liquidations continue during the contract's paused state. This vulnerability undermines the fairness and integrity of the lending pool.
The finalizeLiquidation function lacks the whenNotPaused modifier, allowing the StabilityPool to execute it even when the contract is paused, provided the position was marked for liquidation beforehand.
stabilityPool.liquidateBorrower uses whenNotPaused as well, but this applies to the stability pool's pause state and not the lending pool's. If the StabilityPool is unpaused, it can call finalizeLiquidation regardless of the lending pool's state.
Borrowers are unfairly penalized as they cannot repay debt to avoid liquidation during a pause, yet their collateral remains at risk. This could lead to unnecessary liquidations and loss of assets.
The lack of equitable treatment may discourage user participation, damaging the protocol's reputation and adoption.
Borrowers unable to pay during a pause may suffer disproportionate losses if collateral value fluctuates, while liquidation proceeds via the StabilityPool without borrower recourse.
Manual review
To address this issue and ensure fairness for borrowers in the LiquidityPool, modify the finalizeLiquidation function to enforce a consistent pause state.
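The pause asymmetry and the recommended guard, shown side by side in an added example that is not the protocol's code. It is a simplified Solidity model: the contract name, state layout, function signatures, error names and the seedFlaggedPosition setup helper are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Simplified model for illustration; not the protocol's LendingPool.
// State layout, signatures and error names are assumptions.
contract LendingPoolPauseModel {
    address public immutable owner;
    address public immutable stabilityPool;
    bool public paused;
    mapping(address => uint256) public debt;
    mapping(address => bool) public isUnderLiquidation;

    error Paused();
    error Unauthorized();
    modifier whenNotPaused() { if (paused) revert Paused(); _; }
    modifier onlyOwner() { if (msg.sender != owner) revert Unauthorized(); _; }
    modifier onlyStabilityPool() { if (msg.sender != stabilityPool) revert Unauthorized(); _; }

    constructor(address stabilityPool_) { owner = msg.sender; stabilityPool = stabilityPool_; }

    function setPaused(bool value) external onlyOwner { paused = value; }

    // Setup helper (hypothetical): open a debt position and flag it for liquidation.
    function seedFlaggedPosition(address user, uint256 amount) external onlyOwner {
        debt[user] = amount;
        isUnderLiquidation[user] = true;
    }

    // Borrower path: reverts while paused, as the finding describes.
    function repay(uint256 amount) external whenNotPaused {
        uint256 owed = debt[msg.sender];
        debt[msg.sender] = amount >= owed ? 0 : owed - amount;
    }

    // As reported: no pause check, so a position flagged before the pause
    // can still be finalized while repay() reverts for the borrower.
    function finalizeLiquidationUnguarded(address user) external onlyStabilityPool {
        _finalize(user);
    }

    // Mitigation: gate on the lending pool's own pause flag, like repay().
    function finalizeLiquidation(address user) external onlyStabilityPool whenNotPaused {
        _finalize(user);
    }

    function _finalize(address user) private {
        require(isUnderLiquidation[user], "not under liquidation");
        isUnderLiquidation[user] = false;
        debt[user] = 0; // collateral transfer omitted in this model
    }
}
```

With a flagged position seeded and setPaused(true) called, repay and the guarded finalizeLiquidation both revert with Paused, while finalizeLiquidationUnguarded still succeeds when called from the stability pool address.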