users cannot repay their loan when `PauseType.Repay` is set to true

[hats-bug-reporter[bot]]

Github username: @Audinarey Twitter username: audinarey Submission hash (on-chain): 0x8f197744e0eca8348e4d96f04a891580ddebd01a1f43e3293f9fdafa8f0f2802 Severity: high

Description: Impact

Users may be not be able to repay their loans making them eligible for liquidation and thus loose their collateral.

Description\ The BBBorrow::repay(...) and SGLBorrow::repay(...) are functions that users call to repay their loans, however these functions are protected by a optionNotPaused(...) modifier with a PauseType.Repay argument which ensures the functions cannot be called whenever PauseType.Repay= true.

These are critical functions that should not be paused because pausing such fucntions can lead to users getting liquidated since they will not be able to repay their positions.

File: SGLBorrow.sol
54:     function repay(address from, address to, bool skim, uint256 part)
55:         external
56: @>   optionNotPaused(PauseType.Repay)
57:         notSelf(to)
58:         returns (uint256 amount)
59:     {
SNIP
.....
63: 
64:         amount = _repay(from, to, skim, part, true);
65:     }

File: BBBorrow.sol
61:         external
62: @>   optionNotPaused(PauseType.Repay)
63:         notSelf(to)
64:         returns (uint256 amount)
65:     {
66:         _tryUpdateOracleRate();
67: 
68:         _accrue();
69:         penrose.reAccrueBigBangMarkets();
70: 
71:         amount = _repay(from, to, part, true);
72:     }

Attack Scenario\

• The liquidationCollateralizationRate is 80%
• Bob's position is currently at a collateralizationRate of 75%,
• however due to market conditions the value of his collateral decreases bring his position to a collateralizationRate of 79%.
• PauseType.Repayis currently set to true.
• Bobs calls BBBorrow::repay(...) but the function reverts in the optionNotPaused(...) modifier
• Market conditions continue to deterioriate his position'scollateralizationRate is now 81%.
• Bob is now eligible for liquidation

Attachments

Revised Code File (Optional)

Modify the BBBorrow::repay(...) and SGLBorrow::repay(...) functions to ensure users are able to repay their loans as shown below

File: SGLBorrow.sol
54:     function repay(address from, address to, bool skim, uint256 part)
55:         external
56:     -   optionNotPaused(PauseType.Repay)
57:         notSelf(to)
58:         returns (uint256 amount)
59:     {
SNIP
.....
63: 
64:         amount = _repay(from, to, skim, part, true);
65:     }

File: BBBorrow.sol
61:         external
62:    -   optionNotPaused(PauseType.Repay)
63:         notSelf(to)
64:         returns (uint256 amount)
65:     {
66:         _tryUpdateOracleRate();
67: 
68:         _accrue();
69:         penrose.reAccrueBigBangMarkets();
70: 
71:         amount = _repay(from, to, part, true);
72:     }