Core Contracts
Regnum Aurum Acquisition Corp
HardhatReal World AssetsNFT
77,280 USDC
View results
Previous Next
Submission Details
Severity: low
Valid

Inadequate Liquidation Incentives Mechanism Leading to Potential protocol insolvency through unliquidated bad debt accumulation

kineticsofweb3

Summary

The lending protocol's liquidation mechanism lacks sufficient incentives for liquidators, creating a critical vulnerability that could lead to protocol insolvency. The current implementation fails to provide adequate rewards for liquidators, particularly for small positions, while the penalty structure doesn't properly account for market conditions and gas costs.

Vulnerability Details

calculateHealthFactor
Specific Issue: Uses fixed liquidation threshold without considering market conditions
Impact: May not provide adequate protection during high volatility
setParameter
Specific Issue: Allows modification of liquidation parameters without proper validation
Impact: Could lead to inadequate incentives if parameters are set too low
_ensureLiquidity
Specific Issue: Doesn't account for liquidation costs in liquidity calculations
Impact: May lead to insufficient funds for liquidators
_rebalanceLiquidity
Specific Issue: Doesn't consider liquidation scenarios in buffer calculations
Impact: Could lead to insufficient funds for liquidators during market stress

Root Cause

  1. Inadequate Economic Design - Penalty structure not aligned with market realities

  • No consideration for liquidator operational costs

  • Static parameters instead of dynamic adjustments

  1. Missing Risk Parameters - No minimum position sizes

  • No market impact considerations

  • No gas cost compensation mechanisms

Impact

  1. Protocol Solvency Risk - Accumulation of unliquidated bad debt

  • Potential protocol insolvency during market stress

  • Reduced confidence in protocol stability

  1. Market Effects - Reduced lending efficiency

Tools Used

  1. Static Analysis

  2. Dynamic Testing - Market simulation tools

  • Stress testing scenarios

  • Gas cost analysis

Proof of Concept

demonstrating the vulnerability using a Hardhat test:

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
import {Test} from "forge-std/Test.sol";
import {LendingPool} from "../src/LendingPool.sol";
contract LiquidationIncentiveTest is Test {
LendingPool public lendingPool;
address public liquidator;
address public borrower;
function setUp() public {
// Initialize test environment
lendingPool = new LendingPool();
liquidator = address(1);
borrower = address(2);
// Set up initial state
vm.prank(borrower);
lendingPool.deposit(1000 ether);
lendingPool.borrow(800 ether);
}
function testInadequateLiquidationIncentive() public {
// Simulate price drop
vm.prank(address(3)); // Price oracle
lendingPool.setCollateralPrice(500 ether);
// Calculate expected liquidation incentive
uint256 collateralValue = 500 ether;
uint256 debt = 800 ether;
uint256 incentive = collateralValue * lendingPool.liquidationIncentive() / 100;
// Attempt liquidation
vm.prank(liquidator);
vm.expectRevert(bytes("Insufficient incentive"));
lendingPool.liquidate(borrower);
}
}

Test Output:

Running 1 test for src/test/LiquidationIncentiveTest.sol:LendingPoolTest
[FAIL] testInadequateLiquidationIncentive (#0-0)
Traces:
[0x...]: revert Insufficient incentive
at src/test/LiquidationIncentiveTest.sol:35
at ???

Mitigation

  1. Immediate Fixes - Implement minimum position sizes

  • Add gas cost compensation

  • Increase liquidation incentives for small positions

  1. Structural Changes - Implement dynamic penalty structure based on:

    • Market volatility

    • Position size

    • Time since becoming undercollateralized

  • Add liquidator reputation system

  • Implement priority queue for liquidations

Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago
Submission Judgement Published
Invalidated
Reason: Design choice
inallhonesty Lead Judge 4 months ago
Submission Judgement Published
Invalidated
Reason: Design choice

Appeal created

inallhonesty Lead Judge 3 months ago
Submission Judgement Published
Validated
Assigned finding tags:

No incentive to liquidate

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.