Summary

The closeLiquidation function contains a check that ensures a user can only close liquidation if their debt is below a defined DUST_THRESHOLD. However, the condition currently uses if (userDebt > DUST_THRESHOLD) revert DebtNotZero();, which allows the function to proceed when userDebt == DUST_THRESHOLD. This may lead to an unintended scenario where a user still has outstanding debt while being able to close liquidation.

Vulnerability Details

• The function closeLiquidation is responsible for allowing users to close liquidation within the grace period if their debt has been fully repaid.

• The condition if (userDebt > DUST_THRESHOLD) revert DebtNotZero(); only prevents execution when userDebt is strictly greater than DUST_THRESHOLD.

• If userDebt == DUST_THRESHOLD, the function allows liquidation closure despite the debt not being completely settled.

• This could result in users bypassing the debt repayment requirement and exiting liquidation status prematurely.

Impact

• Users might close liquidation without fully settling their debt, leading to financial inconsistencies.

Tools Used

• Manual code review

• Static analysis

Recommendations

• Modify the condition to if (userDebt >= DUST_THRESHOLD) revert DebtNotZero(); to ensure that liquidation can only be closed when the user's debt is strictly less than DUST_THRESHOLD.

• Perform additional tests to verify the expected behavior of the function when userDebt is exactly equal to DUST_THRESHOLD.

By implementing this change, the contract ensures that liquidation can only be closed when the debt is completely negligible or zero, improving the robustness of the repayment logic.