Core Contracts
Regnum Aurum Acquisition Corp
HardhatReal World AssetsNFT
77,280 USDC
View results
Previous Next
Submission Details
Severity: high
Invalid

Missing Validation on HealthFactorLiquidationThreshold Parameter

adepoju2006

Summary

The setParameter function in the LendingPool.sol allows modifying HealthFactorLiquidationThreshold without any validation. Unlike other parameters, this lacks a require() check to enforce safe value ranges. This oversight could lead to liquidation failures or unnecessary liquidations if an extreme value is set.

Vulnerability Details

The setParameter function allows the contract owner to modify various risk-related parameters, including HealthFactorLiquidationThreshold. However, unlike other parameters, there is no validation on this specific variable, allowing the owner to set an arbitrarily high or low value.

🔍 Affected Function

else if (param == OwnerParameter.HealthFactorLiquidationThreshold) {
healthFactorLiquidationThreshold = newValue;
emit LiquidationParametersUpdated(liquidationThreshold, healthFactorLiquidationThreshold, liquidationGracePeriod);
}

Impact

  • If too low, users could get liquidated unnecessarily, causing fund losses.

  • If too high, liquidations might never trigger, leading to bad debt.

  • No upper/lower bound allows setting arbitrary values.

Tools Used

Manuel Review

Recommendations

Add a require() statement to enforce reasonable thresholds:

require(newValue >= minThreshold && newValue <= maxThreshold, "Invalid Health Factor Threshold");

Where minThreshold and maxThreshold are protocol-defined safe values.

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 month ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
inallhonesty Lead Judge about 1 month ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.