Boost _ Folks Finance 33935 - [Smart Contract - Insight] Liquidations dont ensure the violator loan
Liquidations don't ensure the violator loan becomes healthy afterwards
Submitted on Fri Aug 02 2024 02:04:59 GMT-0400 (Atlantic Standard Time) by @jovi for Boost | Folks Finance
Report ID: #33935
Report type: Smart Contract
Report severity: Insight
Target: https://immunefi.com/
Impacts:
Direct theft of any user funds, whether at-rest or in-motion, other than unclaimed yield
Description
Brief/Intro
In liquidations, the borrower repays his debt with some of his collateral plus a bonus amount as incentives to the liquidator and as fees to the protocol. The executeLiquidate function, however, does not ensure the liquidation makes the borrower's position healthy, leaving the position exposed to repeated liquidations.
Vulnerability Details
The executeLiquidate function in the LoanManagerLogic contract coordinates the main logic behind liquidations. During its final checks, it ensures the liquidator's loan is over-collateralized after taking over part of the violator loan:
    // check liquidator loan in over-collateralized after taking over part of the violator loan
    loansParams.checkLiquidatorLoan(userLoans, loanTypes, pools, params.oracleManager);
However, the violator loan has lost not only some of its borrowed amount but also some of its collateral. The violator's position is therefore not necessarily healthier than it was before, and it ought to be checked that it is over-collateralized as well after the liquidation happens.
Impact Details
Liquidators may liquidate a violator's loan into a state that is less healthy than before and start a loop of liquidations until the entire violator loan is drained.
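The arithmetic behind this finding, as an added example that is not code from the report or from Folks Finance: a simplified single-collateral, single-borrow loan in which the liquidator takes over `repay` of debt and seizes `repay * (1 + bonus)` of collateral. The collateral factor, bonus, amounts and all function names are assumptions made for illustration; in this model the violator's health only improves when collateral/debt is greater than 1 + bonus.

```python
from fractions import Fraction as F

def health_factor(collateral, debt, collateral_factor):
    """Risk-adjusted collateral value divided by debt value (same unit)."""
    return collateral * collateral_factor / debt

def liquidate(collateral, debt, repay, bonus):
    """Violator's (collateral, debt) after `repay` of debt is taken over
    and repay * (1 + bonus) of collateral is seized (assumed model)."""
    seized = repay * (1 + bonus)
    if repay <= 0 or repay >= debt or seized > collateral:
        raise ValueError("repay amount out of range for this position")
    return collateral - seized, debt - repay

def violator_health_change(collateral, debt, repay, bonus, collateral_factor):
    """Return (health before, health after) for a single liquidation."""
    before = health_factor(collateral, debt, collateral_factor)
    c2, d2 = liquidate(collateral, debt, repay, bonus)
    return before, health_factor(c2, d2, collateral_factor)

def repeated_liquidations(collateral, debt, close_factor, bonus,
                          collateral_factor, rounds):
    """Violator health after each of `rounds` successive liquidations,
    each taking over `close_factor` of the remaining debt."""
    trace = []
    for _ in range(rounds):
        collateral, debt = liquidate(collateral, debt, debt * close_factor, bonus)
        trace.append(health_factor(collateral, debt, collateral_factor))
    return trace

# Constructed positions: collateral factor 80%, liquidation bonus 10%.
CF, BONUS = F(8, 10), F(1, 10)
# collateral/debt = 1.05 < 1 + bonus: the liquidation lowers violator health.
worse = violator_health_change(F(105), F(100), F(20), BONUS, CF)
# collateral/debt = 1.20 > 1 + bonus: the liquidation raises it.
better = violator_health_change(F(120), F(100), F(20), BONUS, CF)
# Three successive liquidations of 20% of the remaining debt each.
trace = repeated_liquidations(F(105), F(100), F(1, 5), BONUS, CF, 3)

if __name__ == "__main__":
    print("worse :", *map(float, worse))
    print("better:", *map(float, better))
    print("loop  :", *map(float, trace))
```

A post-liquidation check on the violator loan would compare the second value of `violator_health_change` against the first, or against the over-collateralization threshold, before accepting the liquidation.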