Liquidations in the Lender Commitment Group don't include owed interest

Summary

Liquidations in LenderCommitmentGroup_Smart.sol do not include the owed interest. This creates a weird dynamic where it may be beneficial for a borrower to default the loan and self-liquidate intead of paying the owed interest.

Vulnerability Detail

When liquidating a loan in the LendeCommitmentGroup contract, the amountOwed is calculated as such:

        uint256 amountDue = getAmountOwedForBid(_bidId, false);

    function getAmountOwedForBid(uint256 _bidId, bool _includeInterest)
        public
        view
        virtual
        returns (uint256 amountOwed_)
    {
        Payment memory amountOwedPayment = ITellerV2(TELLER_V2)
            .calculateAmountOwed(_bidId, block.timestamp);

        amountOwed_ = _includeInterest
            ? amountOwedPayment.principal + amountOwedPayment.interest
            : amountOwedPayment.principal;
    }

Since liquidations do not include owed interest, it may be financially incentivized for borrowers to intentionally default their loans and liquidate themselves instead, given that there is no penalty or protocol fee taken from liquidations.

Impact

Avoidance of interest
Creation of gaming dynamics for borrowers

Code Snippet

https://github.com/sherlock-audit/2024-04-teller-finance/blob/main/teller-protocol-v2-audit-2024/packages/contracts/contracts/LenderCommitmentForwarder/extensions/LenderCommitmentGroup/LenderCommitmentGroup_Smart.sol#L426

Tool used

Manual Review

Recommendation

Include the interest in the amount owed.

Duplicate of #121

sherlock-audit / 2024-04-teller-finance-judging

0xDjango - Liquidations in the Lender Commitment Group don't include owed interest #293