incorrect collateral threshold application
Summary
Vulnerability Details
The protocol incorrectly applies the liquidation threshold to debt instead of collateral when validating borrow requests. This inversion allows users to borrow amounts that exceed their collateral value, creating instant undercollateralized positions and systemic insolvency risk.
here we can also see that it is enforced that the liquidationthreshold is below 10000
proof of concept
uint256 collateralValue = 80e18; // $80 collateral
uint256 liquidationThreshold = 8000; // 80% in basis points (8000 = 80%)
uint256 userTotalDebt = 100e18; //$100 debt
if (collateralValue < userTotalDebt.percentMul(liquidationThreshold)) {
revert NotEnoughCollateralToBorrow()
What It Does (Example Breakdown):
Flawed Calculation:
userTotalDebt.percentMul(liquidationThreshold) = 100e18 * 8000 / 10000 = 80e18 ($80)
if (80e18 < 80e18) → false → borrow allowed
Impact
User borrows
incorrect validation causes borrowers to borrow at a very low collateral amount leading to loss of funds for the protocol
Tools Used
Recommendations
apply the liquidation threshold correctly
Lead Judging Commences
LendingPool::borrow as well as withdrawNFT() reverses collateralization check, comparing collateral < debt*0.8 instead of collateral*0.8 > debt, allowing 125% borrowing vs intended 80%
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.