code-423n4 / 2024-04-revert-mitigation-findings


M-11 MitigationConfirmed #40

Open c4-bot-5 opened 4 months ago

c4-bot-5 commented 4 months ago

Lines of code

Vulnerability details

C4 Issue

M-11: Lack of safety buffer in _checkLoanIsHealthy could subject users who take out the max loan into a forced liquidation

Issue Details

The _checkLoanIsHealthy function inside V3Vault is used to assess a user's given position and determine the health factor of the loan (e.g. whether the loan is overcollateralized enough).

The problem was that no buffer was implemented that would prevent users from borrowing at the borderline of the loan-to-value ratio, e.g. if debt could be no more than 80% of the collateral value, users were able to borrow all of that 80%. This is problematic because such loans could become insolvent very fast with even the tiniest price swings.

Mitigation

PR-17 successfully mitigates the original issue by introducing a BORROW_SAFETY_BUFFER that creates a 5% gap so that loans will remain stable even if small debt or price changes happen.

The 5% gap is used in the borrow() & decreaseLiquidityAndCollect() functions to safeguard against creating unstable loans.

Here is the change in the loan health calculations:

    function _checkLoanIsHealthy(uint256 tokenId, uint256 debt, bool withBuffer)
        internal
        view
        returns (bool isHealthy, uint256 fullValue, uint256 collateralValue, uint256 feeValue)
    {
        (fullValue, feeValue,,) = oracle.getValue(tokenId, address(asset));
        uint256 collateralFactorX32 = _calculateTokenCollateralFactorX32(tokenId);
        collateralValue = fullValue.mulDiv(collateralFactorX32, Q32);
        // --> changed line: with the buffer, debt is compared against a reduced collateral value
        isHealthy = (withBuffer ? collateralValue * BORROW_SAFETY_BUFFER / Q32 : collateralValue) >= debt;
    }

Conclusion

Mitigation Confirmed
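The effect of the buffered check can be modelled off-chain with the same integer arithmetic. This is an added example, not code from the submission or from the Revert repository. It assumes Q32 = 2**32, a buffer constant encoded as 95% of Q32, an 80% collateral factor as in the issue text, and that liquidation is gated by the unbuffered check; the function names are hypothetical.

```python
# Added illustration; constants are assumptions, not values copied from the Revert code base.
Q32 = 2**32                                  # X32 fixed-point scale (assumed)
BORROW_SAFETY_BUFFER_X32 = Q32 * 95 // 100   # assumed encoding of the 5% gap
COLLATERAL_FACTOR_X32 = Q32 * 80 // 100      # the 80% example from the issue text


def check_loan_is_healthy(full_value: int, debt: int, with_buffer: bool) -> bool:
    """Model of the quoted check, with the oracle value passed in directly."""
    collateral_value = full_value * COLLATERAL_FACTOR_X32 // Q32   # floor, like mulDiv
    if with_buffer:
        limit = collateral_value * BORROW_SAFETY_BUFFER_X32 // Q32
    else:
        limit = collateral_value
    return limit >= debt


def max_borrow(full_value: int, with_buffer: bool) -> int:
    """Largest debt the check accepts for a position (binary search on debt)."""
    lo, hi = 0, full_value
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if check_loan_is_healthy(full_value, mid, with_buffer):
            lo = mid
        else:
            hi = mid - 1
    return lo


def tolerated_drop_bps(full_value: int, debt: int) -> int:
    """Largest fall in position value, in basis points, after which the loan
    still passes the unbuffered check (assumed to be the liquidation threshold)."""
    bps = 0
    while bps < 10_000:
        dropped = full_value * (10_000 - bps - 1) // 10_000
        if not check_loan_is_healthy(dropped, debt, False):
            break
        bps += 1
    return bps


if __name__ == "__main__":
    value = 1_000_000  # constructed sample position value, in asset units
    for buffered in (False, True):
        debt = max_borrow(value, buffered)
        print(f"buffer={buffered}: max debt {debt}, survives a {tolerated_drop_bps(value, debt)} bps drop")
```

A maximum loan taken without the buffer fails the health check after a one basis point fall in value, while the buffered maximum leaves 500 basis points of headroom.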

c4-judge commented 4 months ago

jhsagd76 marked the issue as satisfactory

c4-judge commented 4 months ago

jhsagd76 marked the issue as nullified

c4-judge commented 4 months ago

jhsagd76 marked the issue as not nullified

c4-judge commented 4 months ago

jhsagd76 marked the issue as satisfactory