Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: high
Valid

Incorrect liquidation check when borrowing and withdrawing

Summary

The liquidation status check implemented in LendingPool.sol when borrowing or withdrawing is incorrect.

Vulnerability Details

Users are allowed to deposit RAAC NFTs as collateral, borrow against them, and withdraw them after they repay all the debt. The liquidation status is checked when borrowing to ensure users have enough collateral to cover their debt, meaning that should greater than . However, the code implemented in LendingPool.sol is incorrect:

if (collateralValue < userTotalDebt.percentMul(liquidationThreshold)) { //@audit collateral*threshold<debt?
    revert NotEnoughCollateralToBorrow();
}

The same issue can be found in the withdrawNFT() method.

https://github.com/Cyfrin/2025-02-raac/blob/89ccb062e2b175374d40d824263a4c0b601bcb7f/contracts/core/pools/LendingPool/LendingPool.sol#L302

https://github.com/Cyfrin/2025-02-raac/blob/89ccb062e2b175374d40d824263a4c0b601bcb7f/contracts/core/pools/LendingPool/LendingPool.sol#L344

Impact

Bad debt will not be liquidated in time, so the protocol and lending users will suffer the loss.

Tools Used

manual

Recommendations

Consider changing to:

if (collateralValue.percentMul(liquidationThreshold) < userTotalDebt) {
    revert NotEnoughCollateralToBorrow();
}
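
The gap between the two comparisons, as an added off-chain model in JavaScript (not code from the contest repository), usable as the arithmetic behind a regression test. It assumes percentMul is basis-point multiplication with half-up rounding and that liquidationThreshold is 8000 (80%, the figure in the judge's tag); the sample collateral value is constructed.

```javascript
// Added example: off-chain model of the two checks, not RAAC's code.
// Assumption: percentMul is basis-point math with half-up rounding;
// 8000 bps is the 80% threshold mentioned in the judge's tag.
const BPS = 10000n;
const HALF_BPS = 5000n;
const LIQUIDATION_THRESHOLD = 8000n; // assumed value

function percentMul(value, bps) {
  return (value * bps + HALF_BPS) / BPS; // BigInt division truncates
}

// Check as quoted in the finding: reverts only when
// collateral < debt * threshold.
function buggyCheckPasses(collateralValue, userTotalDebt) {
  return !(collateralValue < percentMul(userTotalDebt, LIQUIDATION_THRESHOLD));
}

// Check as recommended: reverts when collateral * threshold < debt.
function fixedCheckPasses(collateralValue, userTotalDebt) {
  return !(percentMul(collateralValue, LIQUIDATION_THRESHOLD) < userTotalDebt);
}

// Largest debt a check accepts for the given collateral.
// Binary search is valid because both checks are monotone in debt.
function maxDebt(check, collateralValue) {
  let lo = 0n;
  let hi = collateralValue * 2n;
  while (lo < hi) {
    const mid = (lo + hi + 1n) / 2n;
    if (check(collateralValue, mid)) lo = mid;
    else hi = mid - 1n;
  }
  return lo;
}

// Constructed sample: collateral worth 100,000 units at 18 decimals.
const UNIT = 10n ** 18n;
const collateral = 100000n * UNIT;
const buggyMax = maxDebt(buggyCheckPasses, collateral);
const fixedMax = maxDebt(fixedCheckPasses, collateral);
console.log("buggy max debt:", buggyMax / UNIT, "fixed max debt:", fixedMax / UNIT);
```

With these assumptions the quoted check accepts debt up to 125% of the collateral value, while the recommended check caps it at 80%.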
Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Validated
Assigned finding tags:

LendingPool::borrow as well as withdrawNFT() reverses collateralization check, comparing collateral < debt*0.8 instead of collateral*0.8 > debt, allowing 125% borrowing vs intended 80%
