Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: medium
Valid

Health factor of user should be checked at repayment

Vulnerability Details

When a user repays debt, his health factor improves. A user who was liquidatable can therefore stop being liquidatable after repaying his debts.

However, the code does not account for this: if LendingPool::initiateLiquidation() has been called on a user and he then repays his debt, he is still marked as isUnderLiquidation[userAddress] = true.

Impact

A user can therefore believe he is healthy because he repaid, while the system still marks him as under liquidation. He can then be liquidated through StabilityPool::liquidateBorrower().

StabilityPool::liquidateBorrower() performs no health check, and neither does LendingPool::finalizeLiquidation(), which only checks that isUnderLiquidation[userAddress] == true.

The reason there are no health factor checks in these functions is that the health factor was already checked in LendingPool::initiateLiquidation().

But this assumption is wrong: the health factor can change between the time a liquidation is initiated and the time it is finalized, for example if the user calls LendingPool::repay() directly, as explained above.

Recommendations

At repayment, check the health factor and, if the user is healthy, reset the liquidation-related state. These are:

isUnderLiquidation[userAddress] = false;
liquidationStartTime[userAddress] = 0;

The repayment logic contains no health factor checks.
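The recommendation above, sketched as an added example on a simplified model contract. This is not the audited LendingPool code: LendingPoolModel, setPosition, healthFactor, MIN_HEALTH_FACTOR and the collateral/debt accounting are hypothetical; only the function and state variable names mentioned in the finding are taken from the page.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Simplified model, NOT the audited LendingPool. Collateral and debt are plain
// numbers set by a test harness; health factor = collateral * 1e18 / debt.
contract LendingPoolModel {
    uint256 public constant MIN_HEALTH_FACTOR = 1e18; // assumed threshold

    mapping(address => uint256) public collateralValue; // constructed inputs
    mapping(address => uint256) public debt;
    mapping(address => bool) public isUnderLiquidation;
    mapping(address => uint256) public liquidationStartTime;

    // Hypothetical test helper; a real pool derives these from deposits/borrows.
    function setPosition(address user, uint256 collateral, uint256 owed) external {
        collateralValue[user] = collateral;
        debt[user] = owed;
    }

    function healthFactor(address user) public view returns (uint256) {
        if (debt[user] == 0) return type(uint256).max; // no debt: always healthy
        return (collateralValue[user] * 1e18) / debt[user];
    }

    function initiateLiquidation(address user) external {
        require(healthFactor(user) < MIN_HEALTH_FACTOR, "healthy");
        isUnderLiquidation[user] = true;
        liquidationStartTime[user] = block.timestamp;
    }

    function repay(uint256 amount) external {
        uint256 paid = amount > debt[msg.sender] ? debt[msg.sender] : amount;
        debt[msg.sender] -= paid;
        // Recommended fix: clear liquidation state once the position is healthy.
        if (isUnderLiquidation[msg.sender] && healthFactor(msg.sender) >= MIN_HEALTH_FACTOR) {
            isUnderLiquidation[msg.sender] = false;
            liquidationStartTime[msg.sender] = 0;
        }
    }

    function finalizeLiquidation(address user) external {
        require(isUnderLiquidation[user], "not under liquidation");
        // Defence in depth: re-check health at finalization, not only at initiation.
        require(healthFactor(user) < MIN_HEALTH_FACTOR, "position recovered");
        isUnderLiquidation[user] = false;
        liquidationStartTime[user] = 0;
        debt[user] = 0;
        collateralValue[user] = 0; // stands in for collateral seizure
    }
}
```

Without the block inside repay() and the second require in finalizeLiquidation(), a position set to 100 collateral / 200 debt, flagged by initiateLiquidation(), and then repaid down to 50 debt would still pass finalizeLiquidation().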

Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago
Submission Judgement Published
Validated
Assigned finding tags:

LendingPool::finalizeLiquidation() never checks if debt is still unhealthy
