The current liquidation mechanism in the LendingPool.sol allows a borrower's health factor to drop below the liquidation threshold before initiating liquidation. This delay can result in bad debt if the collateral price drops drastically before liquidation occurs.
The protocol relies on a health factor to determine when to liquidate borrowers in the initiateLiquidation Function. However, the current implementation allows a borrower's health factor to drop below the liquidation threshold before triggering liquidation. This delay creates a risk of bad debt if collateral prices drop too quickly.
π Issue: Liquidation only happens after healthFactor falls below the threshold, potentially too late.
User takes a loan by depositing collateral and borrowing tokens.
The collateral price drops suddenly due to market fluctuations or manipulation.
The health factor falls below 1.0, meaning the collateral is now worth less than the debt.
The protocol tries to liquidate, but the collateral is already insufficient.
Protocol takes a loss because it cannot recover the full loan amount.
If the price of collateral drops quickly, the liquidation process is too slow to react.
The protocol might not recover enough funds, leading to bad debt and insolvency risks.
Attackers could manipulate prices to exploit this flaw.
Manuel Review
1. Trigger Liquidation Earlier
Instead of waiting for healthFactor < 1.0, trigger liquidation when healthFactor < 1.1.
2. Implement Emergency Liquidation
If the price of collateral drops drastically, force liquidation immediately before it falls too low.
3. Use Automated Liquidation Bots
Set up off-chain keepers (or Chainlink Automation) to detect sudden price drops and trigger liquidations instantly.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.