Core Contracts
Regnum Aurum Acquisition Corp
HardhatReal World AssetsNFT
77,280 USDC
View results
Previous Next
Submission Details
Severity: high
Valid

The NFT cannot be liquidated in the `NFTLiquidator` contract.

saurabh_singh

Summary

An NFT cannot be liquidated because of the check (msg.sender != stabilityPool) in the NFTLiquidator contract.

Vulnerability Details

The if condition checks whether the caller of the liquidateNFT function is stabilityPool or not. If it is not stabilityPool, it will revert. Hence, only the stabilityPool can call this function to liquidate NFTs.

But in the StabilityPool contract, there is no function call made to the NFTLiquidator contract for the liquidateNFT function.

Because of the if condition, no one other than stabilityPool can call this function.

Since StabilityPool does not call liquidateNFT, the NFT cannot be liquidated.

function liquidateNFT(uint256 tokenId, uint256 debt) external {
@>> if (msg.sender != stabilityPool) revert OnlyStabilityPool();
nftContract.transferFrom(msg.sender, address(this), tokenId);
tokenData[tokenId] = TokenData({
debt: debt,
auctionEndTime: block.timestamp + 3 days,
highestBid: 0,
highestBidder: address(0)
});
indexToken.mint(stabilityPool, debt);
emit NFTLiquidated(tokenId, debt);
emit AuctionStarted(tokenId, debt, tokenData[tokenId].auctionEndTime);
}

Impact

The user under debt cannot liquidate their NFT, nor can the contract liquidate the user's NFT to prevent over-indebtedness.

Recommendations

Call the liquidateNFT function in the StabilityPool where it is needed.

or remove the if condition to call the function from other contracts, or directly by user.

Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Liquidated RAACNFTs are sent to the StabilityPool by LendingPool::finalizeLiquidation where they get stuck

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!