incorrect undercollateralization check during borrowing and withdrawal of NFT
Summary
incorrect collateralization check during borrowing and withdrawal of NFTs which is essentially checking if collateral is enough to cover 80% of the debt.
Vulnerability Details
during withdrawal of NFT we're ensuring collateral value can cover 80% of the total user debt which is wrong as we're essentially allowing undercolateralization we're also doing this during borrowing, this will cause bad debt and loss for the protocol.
here's the check during NFT withdrawal:
as well as during borrowing :
this is essentially saying a debt of CRVUSD 1000 can be covered by CRVUSD 800 worth of NFT(80% of debt).
if the claim is that users are allowed to be undercollateralized because their collateral is stable and goes up in value then the healthfactor calculation will always be lower than the liquidation threshold as it's calculated as collteralValue/userDebt
Impact
this will result in bad debt for the protocol.
anyone can initiate liquidation for such users
Tools Used
Recommendations
use the healthfactor calculation for all undercollateralization check :
Lead Judging Commences
LendingPool::borrow as well as withdrawNFT() reverses collateralization check, comparing collateral < debt*0.8 instead of collateral*0.8 > debt, allowing 125% borrowing vs intended 80%
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.