Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: medium
Valid

Insufficient Liquidation Protection Due to Lack of Health Factor Check

Summary

The closeLiquidation function currently only checks whether the borrower's debt is below a certain threshold to determine whether to remove them from liquidation status. This approach is not enough because it overlooks:

  1. Partial Repayments: Borrowers might make partial repayments to avoid liquidation but still be at risk of being undercollateralized. After a partial repayment, closeLiquidation reverts at the check if (userDebt > DUST_THRESHOLD) revert DebtNotZero(); because that check requires the user to repay their complete debt. A user who repays just enough to make their position safe will therefore still be liquidated.

  2. Collateral Value Increase: The value of collateral (such as NFTs) may rise, improving the borrower's position.

  3. Health Factor Consideration: A more comprehensive metric like the health factor should be used to assess liquidation eligibility.

Without incorporating the health factor, borrowers who should be protected from liquidation may still be flagged, while others who manipulate repayments could avoid liquidation unfairly.


Vulnerability Details

Current Implementation of closeLiquidation

function closeLiquidation() external nonReentrant whenNotPaused {
    address userAddress = msg.sender;
    if (!isUnderLiquidation[userAddress]) revert NotUnderLiquidation();
    // Current check is insufficient for liquidation protection
    if (block.timestamp > liquidationStartTime[userAddress] + liquidationGracePeriod) {
        revert GracePeriodExpired();
    }
    UserData storage user = userData[userAddress];
    uint256 userDebt = user.scaledDebtBalance.rayMul(reserve.usageIndex);
    if (userDebt > DUST_THRESHOLD) revert DebtNotZero();
    isUnderLiquidation[userAddress] = false;
    liquidationStartTime[userAddress] = 0;
    emit LiquidationClosed(userAddress);
}

Why This Check is Insufficient

  1. Partial Repayments

    • A borrower may repay just enough to avoid liquidation but remain undercollateralized.

    • The current debt check (DUST_THRESHOLD) is inadequate to ensure the borrower's position is fully solvent.

  2. NFT Collateral Value May Increase

    • The protocol does not reassess the borrower's health based on collateral value (e.g., NFT price appreciation).

    • If collateral value increases, the borrower's financial position could improve, and they should not be liquidated.

  3. No Health Factor Consideration

    • The contract does not include the health factor as a metric for determining liquidation status.

    • A proper check would consider both debt and collateral value to ensure the borrower is solvent before closing liquidation.


Impact

  • Unfair Liquidations: Borrowers may be unfairly liquidated even if their collateral value has increased, due to the lack of up-to-date checks.

  • Weak Liquidation Protection: Without a health factor validation, liquidation protection mechanisms become unreliable, putting borrowers at risk.


Recommendations

Implement Health Factor Check in closeLiquidation
To ensure proper liquidation protection, modify closeLiquidation to evaluate the borrower’s health factor before removing them from liquidation.

This will also protect against any partial repayment made by a user to save their position.

function closeLiquidation() external nonReentrant whenNotPaused {
    address userAddress = msg.sender;
    if (!isUnderLiquidation[userAddress]) revert NotUnderLiquidation();
    uint256 healthFactor = calculateHealthFactor(userAddress);
    // Ensure borrower is solvent before closing liquidation
    if (healthFactor < SAFE_THRESHOLD) {
        revert LowHealthFactor();
    }
    isUnderLiquidation[userAddress] = false;
    liquidationStartTime[userAddress] = 0;
    emit LiquidationClosed(userAddress);
}
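
The two closing rules compared side by side, as an added example in JavaScript (the language of Hardhat tests) that is not part of the submission or the protocol's code. The health factor formula, the 80% liquidation threshold, the DUST_THRESHOLD and SAFE_THRESHOLD values, the half-up rounding of rayMul and the four positions are assumptions constructed for illustration.

```javascript
// Added illustration: a constructed model, not the protocol's code.
const RAY = 10n ** 27n;            // ray precision used by rayMul
const WAD = 10n ** 18n;            // 1.0 for amounts and health factor
const DUST_THRESHOLD = 10n ** 6n;  // assumed value; the page does not state it
const LIQ_THRESHOLD_BPS = 8000n;   // assumed 80% liquidation threshold
const SAFE_THRESHOLD = WAD;        // assumed: health factor of 1.0

// rayMul, assumed to round half up as in Aave-style WadRayMath.
const rayMul = (a, b) => (a * b + RAY / 2n) / RAY;

// Debt as closeLiquidation computes it: scaled balance times usage index.
const debtOf = (user, usageIndex) => rayMul(user.scaledDebtBalance, usageIndex);

// Hypothetical calculateHealthFactor: collateral * threshold / debt, in WAD.
function calculateHealthFactor(user, usageIndex) {
  const debt = debtOf(user, usageIndex);
  if (debt === 0n) return 2n ** 256n - 1n; // no debt: maximally healthy
  return (user.collateralValue * LIQ_THRESHOLD_BPS * WAD) / (10000n * debt);
}

// Current rule: closing succeeds only when debt is at or below dust.
const canCloseByDebt = (user, idx) => debtOf(user, idx) <= DUST_THRESHOLD;

// Recommended rule: closing succeeds when the position is healthy again.
const canCloseByHealthFactor = (user, idx) =>
  calculateHealthFactor(user, idx) >= SAFE_THRESHOLD;

// Constructed positions, all with usage index 1.1 (amounts in WAD).
const USAGE_INDEX = 11n * 10n ** 26n;
const scenarios = {
  flagged:          { collateralValue: 100n * WAD, scaledDebtBalance: 90n * WAD },
  partialRepayment: { collateralValue: 100n * WAD, scaledDebtBalance: 50n * WAD },
  collateralUp:     { collateralValue: 150n * WAD, scaledDebtBalance: 90n * WAD },
  fullRepayment:    { collateralValue: 100n * WAD, scaledDebtBalance: 0n },
};

function compareRules() {
  const out = {};
  for (const [name, user] of Object.entries(scenarios)) {
    out[name] = {
      healthFactor: calculateHealthFactor(user, USAGE_INDEX),
      byDebt: canCloseByDebt(user, USAGE_INDEX),
      byHealthFactor: canCloseByHealthFactor(user, USAGE_INDEX),
    };
  }
  return out;
}

for (const [name, row] of Object.entries(compareRules())) {
  console.log(name, `hf=${row.healthFactor}`, `debtRule=${row.byDebt}`, `hfRule=${row.byHealthFactor}`);
}
```

The partialRepayment and collateralUp rows are the cases the finding describes: the position is healthy again, yet the debt-only rule still refuses to close the liquidation.
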
Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Validated
Assigned finding tags:

LendingPool::finalizeLiquidation() never checks if debt is still unhealthy
