The NFTLiquidator contract manages the liquidation process for under-collateralized RAAC NFT loans, implements an auction mechanism for liquidated NFTs, and interacts with the StabilityPool. The NFTLiquidator should liquidate only `under-collateralized NFTs`, but in the `NFTLiquidator::liquidateNFT` function the `stabilityPool` can liquidate any user's NFT without any check that the user is under-collateralized. A user can be over-collateralized and still have their NFTs liquidated.
```solidity
function liquidateNFT(uint256 tokenId, uint256 debt) external {
    // Access control only: the caller must be the stability pool.
    if (msg.sender != stabilityPool) revert OnlyStabilityPool();

    // No check here that the NFT's owner is actually under-collateralized:
    // the NFT is pulled in and put up for auction regardless of the
    // borrower's health.
    nftContract.transferFrom(msg.sender, address(this), tokenId);
    tokenData[tokenId] = TokenData({
        debt: debt,
        auctionEndTime: block.timestamp + 3 days,
        highestBid: 0,
        highestBidder: address(0)
    });
    indexToken.mint(stabilityPool, debt);

    emit NFTLiquidated(tokenId, debt);
    emit AuctionStarted(tokenId, debt, tokenData[tokenId].auctionEndTime);
}
```
The impact is high. A user deposits NFTs into the pool to borrow reserve assets, and with the code shown above those NFTs can be liquidated even when the user's position is over-collateralized.
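A hardened version of the function, added here as an illustration and not taken from the RAAC code base: before accepting the NFT it asks the lending pool whether the borrower's position is actually liquidatable, and refuses otherwise. The `ILendingPool` interface and its `isLiquidatable` view, the `lendingPool` state variable, the extra `borrower` parameter, the `borrower` field in `TokenData`, the `AlreadyInAuction` guard and the `NotUnderCollateralized` error are all assumptions made for this example; the real protocol's names and health-factor API may differ.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {IERC721} from "@openzeppelin/contracts/token/ERC721/IERC721.sol";

// Assumed interface for this example: the lending pool reports whether a
// borrower's position is below the liquidation threshold.
interface ILendingPool {
    function isLiquidatable(address borrower) external view returns (bool);
}

// Minimal mintable index token interface, matching the call in liquidateNFT above.
interface IIndexToken {
    function mint(address to, uint256 amount) external;
}

contract HardenedNFTLiquidator {
    struct TokenData {
        uint256 debt;
        uint256 auctionEndTime;
        uint256 highestBid;
        address highestBidder;
        address borrower; // assumed addition: records whose position is being liquidated
    }

    address public immutable stabilityPool;
    ILendingPool public immutable lendingPool; // assumed dependency
    IERC721 public immutable nftContract;
    IIndexToken public immutable indexToken;

    mapping(uint256 => TokenData) public tokenData;

    error OnlyStabilityPool();
    error NotUnderCollateralized(address borrower); // assumed name
    error AlreadyInAuction(uint256 tokenId);        // assumed name

    event NFTLiquidated(uint256 indexed tokenId, uint256 debt);
    event AuctionStarted(uint256 indexed tokenId, uint256 debt, uint256 endTime);

    constructor(address _stabilityPool, address _lendingPool, address _nft, address _indexToken) {
        stabilityPool = _stabilityPool;
        lendingPool = ILendingPool(_lendingPool);
        nftContract = IERC721(_nft);
        indexToken = IIndexToken(_indexToken);
    }

    // Same flow as the vulnerable function, with the missing collateral check
    // inserted before any state change: only positions the lending pool
    // reports as under-collateralized can be liquidated.
    function liquidateNFT(uint256 tokenId, address borrower, uint256 debt) external {
        if (msg.sender != stabilityPool) revert OnlyStabilityPool();
        if (!lendingPool.isLiquidatable(borrower)) revert NotUnderCollateralized(borrower);
        if (tokenData[tokenId].auctionEndTime != 0) revert AlreadyInAuction(tokenId);

        nftContract.transferFrom(msg.sender, address(this), tokenId);
        tokenData[tokenId] = TokenData({
            debt: debt,
            auctionEndTime: block.timestamp + 3 days,
            highestBid: 0,
            highestBidder: address(0),
            borrower: borrower
        });
        indexToken.mint(stabilityPool, debt);

        emit NFTLiquidated(tokenId, debt);
        emit AuctionStarted(tokenId, debt, tokenData[tokenId].auctionEndTime);
    }
}
```

The collateral check should read from the same health-factor logic and price source the lending pool itself uses, so the liquidator and the pool cannot disagree about whether a position is eligible; checking it in the liquidator is a second gate, not a substitute for the pool verifying eligibility before it hands the NFT over.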