The RAAC protocol freezes all user actions when the contract is paused, including repaying loans. This creates a critical issue where borrowers cannot protect themselves from liquidation during a pause, leading to unfair liquidations that forcefully seize user assets.
In a properly designed system, users should always be able to repay loans or add collateral, even if the protocol is paused for security reasons. Blocking these actions results in forced liquidations, even when a user has the funds to prevent it.
The pause mechanism is designed to stop protocol interactions during emergencies. However, it does not distinguish between harmful actions (e.g., borrowing more funds) and protective actions (e.g., repaying debt).
The key issue lies in how the whenNotPaused modifier is applied to repayment functions.
When the contract is paused, users are blocked from calling:
repay(uint256 amount, address user, address onBehalfOf)
- prevents users from clearing their debt, even if they have the funds.
repayOnBehalf(uint256 amount, address onBehalfOf)
- prevents users from helping others clear their debt.
As a result, borrowers get liquidated even when they have the ability to prevent it.
Users cannot repay, leading to forced and unfair liquidations.
Manual review
Allow repayments even when the contract is paused.
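A minimal Solidity sketch of this recommendation, added here as an example and not taken from the RAAC code base. The contract name, storage layout and function bodies are assumptions, and token transfers and interest accrual are left out; borrow stays behind the pause, repayGated shows the blocked pattern, and repay and repayOnBehalf remain callable while paused.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Hypothetical minimal pool for illustration; not RAAC's contract.
// Debt is tracked as a plain number, with no token movement or interest.
contract PausableDebtSketch {
    address public immutable owner;
    bool public paused;
    mapping(address => uint256) public debt;

    error Paused();
    error NotOwner();
    error NothingToRepay();

    constructor() { owner = msg.sender; }

    modifier onlyOwner() { if (msg.sender != owner) revert NotOwner(); _; }
    modifier whenNotPaused() { if (paused) revert Paused(); _; }

    function setPaused(bool value) external onlyOwner { paused = value; }

    // Risk-increasing action: stays behind the pause.
    function borrow(uint256 amount) external whenNotPaused {
        debt[msg.sender] += amount;
    }

    // Pattern the finding describes: the protective action is gated too,
    // so it reverts with Paused() and the borrower cannot reduce debt.
    function repayGated(uint256 amount) external whenNotPaused {
        _repay(msg.sender, amount);
    }

    // Recommended shape: no pause modifier on repayment paths.
    function repay(uint256 amount) external {
        _repay(msg.sender, amount);
    }

    function repayOnBehalf(uint256 amount, address onBehalfOf) external {
        _repay(onBehalfOf, amount);
    }

    // Caps the repayment at the outstanding debt so it can never underflow.
    function _repay(address borrower, uint256 amount) internal {
        uint256 owed = debt[borrower];
        if (owed == 0) revert NothingToRepay();
        debt[borrower] = owed - (amount > owed ? owed : amount);
    }
}
```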