Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: medium
Invalid

Insecure Debt Repayment Logic Enables Partial Repayment Exploit

Summary

The _repay function caps repayments at userScaledDebt but burns actualRepayAmount without validation, enabling attackers to leave dust debt.

Vulnerability Details

If actualRepayAmount < amount, the excess amount - actualRepayAmount is not refunded. Attackers can repeatedly repay tiny amounts to keep debt below DUST_THRESHOLD, avoiding liquidation.

Impact

  • Debt Avoidance: Users avoid liquidation by maintaining dust debt.

  • Protocol Insolvency: Accumulated unpaid debt threatens system solvency.

Tools Used

manual review

Recommendations

Refund excess amounts

Enforce full repayment during liquidation grace periods.

if (amount > actualRepayAmount) {
    IERC20(reserveAssetToken).safeTransfer(msg.sender, amount - actualRepayAmount);
}

Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
