Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: high
Invalid

Improper Borrowing Limit Leading to Potential Liquidation Risk

## Summary

The current implementation of the borrow function allows users to borrow up to the liquidation threshold of their collateral value, which in practice could result in users borrowing too much. For example, a user with a collateral value of 1,000 can borrow all 1000 tokens under an 80% liquidation threshold, leaving nothing as a safety margin.

To mitigate this, a more conservative borrowing limit should be implemented, ensuring that users can only borrow a fraction of their collateral that leaves a reasonable margin of safety, preventing liquidation risk in case of collateral depreciation or growing debt.


## Vulnerability Details

  • Issue:

    • The current implementation allows a user to borrow up to 80% of their collateral value, which, in some cases, may leave insufficient room for fluctuations in the collateral’s value or other market conditions. This puts users at risk of liquidation even if they are below the liquidation threshold.

    • For example, with 1,000 collateral, a user can borrow 1000 tokens, leaving only 0 tokens as a buffer. If the collateral value drops slightly or the debt increases,

    • 1000 < 1000 * 8000 / 10000 = 800, which will pass the if check and let the user borrow 1000 tokens against collateral of 1000 tokens,

    • which is not correct: they will get liquidated the moment after they borrow the amount.

    • The check in question:

          if (collateralValue < userTotalDebt.percentMul(liquidationThreshold)) {
              revert NotEnoughCollateralToBorrow();
          }

## Impact

  • Increased Risk of Liquidation:

    • Users can borrow too much of their collateral value, leading to a small safety margin. This significantly increases the chances of liquidation when collateral values fluctuate.

    • The user can get liquidated the next moment.

A user can borrow protocol resources equal to their collateral value, or more than that, with unintended consequences for liquidation.


## Tools Used

  • Manual code review of the borrow function and collateral checks.


## Recommendations

  1. Implement a More Conservative Borrowing Limit:

    • Instead of allowing users to borrow up to the full liquidation threshold, introduce a safer borrowing limit to ensure that users only borrow a smaller portion of their collateral, leaving a cushion for market fluctuations. This would prevent users from overleveraging.

    Example fix:

    uint256 maxBorrowable = collateralValue.percentMul(maxBorrowPercentage); // e.g., 70% for safety margin
    if (amount > maxBorrowable) {
        revert NotEnoughCollateralToBorrow();
    }
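
The arithmetic of the quoted check and of the recommended check, modelled side by side as an added example (not the protocol's or the submitter's code). It assumes `percentMul` is basis-point multiplication with floor division, as in the submission's `1000 * 8000 / 10000` calculation; the function names are hypothetical.

```javascript
// Added example: models the submission's arithmetic, not the protocol's code.
const PERCENTAGE_FACTOR = 10000n; // basis points, as in 1000 * 8000 / 10000

// Assumption: percentMul(value, bps) = floor(value * bps / 10000).
function percentMul(value, bps) {
  return (value * bps) / PERCENTAGE_FACTOR;
}

// Check as quoted in the submission: the threshold scales the DEBT.
function quotedCheckReverts(collateralValue, userTotalDebt, liquidationThreshold) {
  return collateralValue < percentMul(userTotalDebt, liquidationThreshold);
}

// Check from the recommendation: the cap scales the COLLATERAL.
function recommendedCheckReverts(collateralValue, amount, maxBorrowPercentage) {
  return amount > percentMul(collateralValue, maxBorrowPercentage);
}

// Largest value for which `reverts(value)` is false. Binary search is valid
// because both predicates are monotonic in the borrowed amount.
function maxAccepted(reverts, upperBound) {
  let lo = 0n;
  let hi = upperBound;
  while (lo < hi) {
    const mid = (lo + hi + 1n) / 2n;
    if (reverts(mid)) hi = mid - 1n;
    else lo = mid;
  }
  return lo;
}

function compare(collateralValue, liquidationThreshold, maxBorrowPercentage) {
  const bound = collateralValue * 10n; // search ceiling, well above either limit
  return {
    quoted: maxAccepted(
      (d) => quotedCheckReverts(collateralValue, d, liquidationThreshold), bound),
    recommended: maxAccepted(
      (a) => recommendedCheckReverts(collateralValue, a, maxBorrowPercentage), bound),
  };
}

// Constructed sample values from the submission: 1000 collateral, 80% threshold, 70% cap.
const result = compare(1000n, 8000n, 7000n);
console.log(result);
```

Under the floor-rounding assumption the quoted check accepts debt above the collateral value, while the recommended check caps the amount at 70% of it.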
Updates

Lead Judging Commences

inallhonesty Lead Judge 3 months ago
Submission Judgement Published
Invalidated
Reason: Too generic
