Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: low
Invalid

Unreachable `liquidateNFT` Function in `NFTLiquidator` Renders Auctions Inoperable

Summary

The `liquidateNFT` function in `NFTLiquidator.sol` is restricted to being called only by the `StabilityPool`. However, the `StabilityPool.sol` contract does not invoke this function, making `NFTLiquidator` effectively unusable. Since `liquidateNFT` is the entry point for NFT liquidations, auctions cannot be initiated, rendering the entire liquidation mechanism inoperable.

Vulnerability Details

The `liquidateNFT` function is designed to be called by the `StabilityPool` to initiate NFT liquidations. However, since no function within `StabilityPool.sol` actually calls `liquidateNFT`, the function remains unreachable. As a result:

  • No NFTs can be liquidated.

  • No auctions can be started.

  • The system fails to function as intended, preventing the liquidation process and any recovery of bad debt through auction sales.

This issue stems from missing integration between `StabilityPool` and `NFTLiquidator`.

Relevant Code

```solidity
function liquidateNFT(uint256 tokenId, uint256 debt) external {
    if (msg.sender != stabilityPool) revert OnlyStabilityPool();
    nftContract.transferFrom(msg.sender, address(this), tokenId);
    tokenData[tokenId] = TokenData({
        debt: debt,
        auctionEndTime: block.timestamp + 3 days,
        highestBid: 0,
        highestBidder: address(0)
    });
    indexToken.mint(stabilityPool, debt);
    emit NFTLiquidated(tokenId, debt);
    emit AuctionStarted(tokenId, debt, tokenData[tokenId].auctionEndTime);
}
```

Since the function is gated by `msg.sender == stabilityPool`, but `StabilityPool.sol` does not invoke it, the function remains dormant.

Impact

This vulnerability completely disables the liquidation process, preventing auctions from being conducted. The inability to liquidate under-collateralized NFTs can have the following consequences:

  • No recovery mechanism for bad debt: The protocol cannot auction collateralized NFTs to recover debt, leading to potential insolvency.

  • Broken liquidation flow: Any logic depending on NFT liquidations will fail, affecting protocol stability.

Tools Used

Manual code review

Recommended Mitigation

To fix this issue, ensure that `StabilityPool.sol` correctly calls `liquidateNFT` when necessary. Some possible solutions include:

  • Explicitly invoking `liquidateNFT` in `StabilityPool.sol` when an NFT needs to be liquidated.

  • Removing the sender restriction (`msg.sender == stabilityPool`) if other components should be allowed to trigger liquidations.

  • Creating a dedicated liquidation function within `StabilityPool` that forwards the call to `NFTLiquidator`.

The correct fix depends on the intended protocol design, but without this integration, the liquidation mechanism remains non-functional.
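A sketch of the third option, added here as an illustration and not taken from the project's code or the submission. Only the `liquidateNFT(uint256,uint256)` signature and its `transferFrom(msg.sender, ...)` pull come from the page; the contract name, the `manager` role, the errors and `forwardLiquidation` are hypothetical, and the liquidator's `stabilityPool` address is assumed to point at this contract.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Minimal interfaces; only liquidateNFT's signature is taken from the page.
interface INFTLiquidator {
    function liquidateNFT(uint256 tokenId, uint256 debt) external;
}

interface IERC721Minimal {
    function ownerOf(uint256 tokenId) external view returns (address);
    function approve(address to, uint256 tokenId) external;
}

/// Hypothetical pool-side caller; stands in for StabilityPool, whose code is not shown.
contract PoolLiquidationForwarder {
    INFTLiquidator public immutable liquidator;
    IERC721Minimal public immutable nft;
    address public immutable manager; // assumed privileged role allowed to trigger liquidations

    error OnlyManager();
    error ZeroDebt();
    error NFTNotHeld(uint256 tokenId);

    event LiquidationForwarded(uint256 indexed tokenId, uint256 debt);

    constructor(address liquidator_, address nft_, address manager_) {
        liquidator = INFTLiquidator(liquidator_);
        nft = IERC721Minimal(nft_);
        manager = manager_;
    }

    function forwardLiquidation(uint256 tokenId, uint256 debt) external {
        // Keep the entry point restricted; the liquidator's own gate only checks its direct caller.
        if (msg.sender != manager) revert OnlyManager();
        if (debt == 0) revert ZeroDebt();
        if (nft.ownerOf(tokenId) != address(this)) revert NFTNotHeld(tokenId);

        // liquidateNFT pulls the token with transferFrom(msg.sender, ...),
        // so the caller must hold the NFT and approve the liquidator first.
        nft.approve(address(liquidator), tokenId);
        liquidator.liquidateNFT(tokenId, debt);
        emit LiquidationForwarded(tokenId, debt);
    }
}
```

Because the quoted function transfers the NFT from `msg.sender`, a forwarding call that skips the ownership check or the approval would revert inside the transfer rather than start an auction.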

Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Out of scope
