neo - Account owner can make account healthy between liquidation start and auction bid, resulting in bidder getting rewarded.

[sherlock-admin]

neo

medium

Account owner can make account healthy between liquidation start and auction bid, resulting in bidder getting rewarded.

Summary

If an account who's liquidation has already started, account owner tries to repay partial amount to and make the account healthy. Debt is now reduced but liquidator still goes through with the bid and gets rewarded for making acccount healthy.

Vulnerability Detail

An account goes into liquidation when liquidateAccount is called. However account owner can still call repay and make the account healthy during this period. But a bidder can go ahead with the bid function with minimal askedAssetAmounts and still get rewarded for settling the liquidation in happy flow, _settleLiquidationHappyFlow. Also this additional fees and penalty to the accouns debt as a result since the bid went through.

Impact

Bidder gets rewards he does not deserve and account owner gets added additional rewards/penalties into their debt

Code Snippet

Liquidator.sol#L199 Liquidator.sol#L285 LendingPool.sol#L505

Tool used

Manual Review

Recommendation

Either do not allow account owner to repay once the liquidation has started or check for account health during bidding to revert the auction.

[sherlock-admin2]

1 comment(s) were left on this issue during the judging contest.

takarez commented:

invalid

[nevillehuang]

Invalid, a user is encouraged to act as his own bidder for liquidation. They should perform an auctionRepay() instead via a bid himself instead. I don't believe the borrower get any additional funds here.