When the nftValueETH is set by the DAO, a certain amount of JPEG tokens are required to be locked.
However, in the current implementation, when the locked JPEG tokens unlock, nftValueETH remains valid and the user can withdraw all the locked JPEG tokens without repaying the debt first.
If the market price of the NFT drops, this, combined with the JPEG tokens already being unlocked, makes the user inclined to default on the loan. As a result, the risk of bad debt increases for the protocol.
Recommendation
Consider requiring a re-assessment of nftValueETH before the JPEG tokens are unlocked. Alternatively, treat the nftValueETH from a year ago as stale and no longer usable as collateral, so that the loan must be repaid before the user can retrieve the unlocked JPEG tokens.
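A sketch of both options from the recommendation, added here as an illustration and not taken from the JPEG'd NFTVault or JPEGLock contracts. The contract name, `setValue`, `collateralValueETH`, `debtOf`, `defaultValueETH` and the 365-day `LOCK_TIME` are assumptions; the two abstract functions stand in for the vault's own debt and floor-price accounting.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Hypothetical sketch, not the JPEG'd NFTVault/JPEGLock code. All names are assumptions.
abstract contract LockedValuationSketch {
    struct Lock { address owner; uint256 amount; uint256 unlockAt; }

    uint256 public constant LOCK_TIME = 365 days;      // assumed one-year lock
    IERC20 public immutable jpeg;
    address public immutable dao;
    mapping(uint256 => Lock) public locks;             // nftIndex => locked JPEG
    mapping(uint256 => uint256) public customValueETH; // nftIndex => DAO-set value

    constructor(IERC20 _jpeg, address _dao) { jpeg = _jpeg; dao = _dao; }

    // Hooks into the vault's own accounting (left abstract in this sketch).
    function debtOf(uint256 nftIndex) public view virtual returns (uint256);
    function defaultValueETH(uint256 nftIndex) public view virtual returns (uint256);

    // DAO sets the value; the borrower's JPEG is pulled and locked for LOCK_TIME.
    function setValue(uint256 nftIndex, address owner, uint256 valueETH, uint256 toLock) external {
        require(msg.sender == dao, "not dao");
        require(toLock > 0 && locks[nftIndex].amount == 0, "bad lock");
        locks[nftIndex] = Lock(owner, toLock, block.timestamp + LOCK_TIME);
        customValueETH[nftIndex] = valueETH;
        require(jpeg.transferFrom(owner, address(this), toLock), "transfer failed");
    }

    // Staleness: once the lock has expired, the DAO-set value no longer backs credit.
    function collateralValueETH(uint256 nftIndex) public view returns (uint256) {
        Lock memory l = locks[nftIndex];
        if (l.amount != 0 && block.timestamp < l.unlockAt) return customValueETH[nftIndex];
        return defaultValueETH(nftIndex);
    }

    // Repay-first: JPEG leaves only when no debt is outstanding, and the value is cleared.
    function unlock(uint256 nftIndex) external {
        Lock memory l = locks[nftIndex];
        require(msg.sender == l.owner, "not lock owner");
        require(block.timestamp >= l.unlockAt, "still locked");
        require(debtOf(nftIndex) == 0, "repay debt first");
        delete locks[nftIndex];
        delete customValueETH[nftIndex];
        require(jpeg.transfer(l.owner, l.amount), "transfer failed");
    }
}
```

Borrow and liquidation paths would read `collateralValueETH` rather than the stored value, so a position opened against an expired valuation is measured against the default value until the DAO re-assesses it.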
Lines of code
https://github.com/code-423n4/2022-04-jpegd/blob/e72861a9ccb707ced9015166fbded5c97c6991b6/contracts/vaults/NFTVault.sol#L360-L381