Auctions should be removed when the loan becomes over collateralized by external reason
Summary
Auctions can only be removed when settle, takeLoan, and drawDebt/repayDebt by himself.
But LUP can also be increased by new deposits or repayDebt by others.
By doing these, loans become over collateralized and the auctions should be able to be removed.
Vulnerability Detail
Impact
Actors can take loan & settle auctions of loans that are over collateralized
takeLoan/settle should have isCollateralized check at the beginning.
And there should be way to remove Auction. Just check isCollateralized and remove Auction.
james_wu
high
Auctions should be removed when the loan becomes over collateralized by external reason
Summary
Auctions can only be removed when settle, takeLoan, and drawDebt/repayDebt by himself. But LUP can also be increased by new deposits or repayDebt by others. By doing these, loans become over collateralized and the auctions should be able to be removed.
Vulnerability Detail
Impact
Actors can take loan & settle auctions of loans that are over collateralized
Code Snippet
https://github.com/sherlock-audit/2023-01-ajna/blob/main/contracts/src/libraries/external/Auctions.sol#L669-L707
Tool used
Manual Review
Recommendation
takeLoan/settle should have isCollateralized check at the beginning. And there should be way to remove Auction. Just check isCollateralized and remove Auction.