anya - Premature earlyTerminate Flag Setting in auctionRepay Function in LendinPool.sol

[sherlock-admin2]

anya

medium

Premature earlyTerminate Flag Setting in auctionRepay Function in LendinPool.sol

Summary

The auctionRepay function sets the earlyTerminate flag to true before fully verifying if the debt has been fully repaid. This potentially leads to inconsistencies and unexpected behaviour depending on _settleLiquidationHappyFlow and other dependent functions handle this flag.

Vulnerability Detail

Premature Flag Setting: The earlyTerminate flag is set to true based on the comparison accountDebt <= amount. However, the actual debt repayment (using _withdraw) occurs later in the function.

    function auctionRepay(uint256 startDebt, uint256 minimumMargin_, uint256 amount, address account, address bidder)
        external
        whenLiquidationNotPaused
        onlyLiquidator
        processInterests
        returns (bool earlyTerminate)
    {

            ....
            earlyTerminate = true;
            unchecked {
                _settleLiquidationHappyFlow(account, startDebt, minimumMargin_, bidder, (amount - accountDebt));
            }
            amount = accountDebt;
        }

        _withdraw(amount, address(this), account);

        emit Repay(account, bidder, amount);
    }

Potential Issues: Depending on the implementation of _settleLiquidationHappyFlow, setting the flag prematurely could lead to:

• Incorrect Termination: The auction might be terminated even if the full debt repayment fails, potentially leaving remaining debt unaddressed.
• Incorrect Surplus Handling: If _settleLiquidationHappyFlow assumes a full repayment when the flag is true, surplus funds calculated incorrectly or distributed inaccurately.
• Unexpected Behavior: Other dependent functions relying on the earlyTerminate flag might exhibit unintended behavior due to its premature setting.

Impact

• Incomplete debt repayment, leaving outstanding balances.
• Inaccurate handling of surplus funds, potentially issues in further calculation

Code Snippet

https://github.com/sherlock-audit/2023-12-arcadia/blob/main/lending-v2/src/LendingPool.sol#L500-L510

Tool used

Manual Review

Recommendation

Move earlyTerminate Flag Setting: Set the earlyTerminate flag after successfully completing the debt repayment using _withdraw. This ensures accurate reflection of the final state.

[sherlock-admin2]

1 comment(s) were left on this issue during the judging contest.

takarez commented:

invalid

[nevillehuang]

Invalid, there seems to be some misunderstanding here, you can only terminate early when bidder bids exceed debt in auction as seen in comments here