sherlock-audit / 2024-09-predict-fun-judging


000000 - `auction()` allows for undercollateralized loans #175

Open sherlock-admin3 opened 1 month ago

sherlock-admin3 commented 1 month ago

000000

Medium

auction() allows for undercollateralized loans

Summary

auction() allows for undercollateralized loans

Root Cause

No check in auction() for the collateralization ratio

Internal pre-conditions

  1. A loan has generated more debt than the collateral of the loan

External pre-conditions

No external pre-conditions

Attack Path

Not an attack path but the scenario that will happen:

  1. A loan is listed for auction. The loan has generated 20 debt, which makes the total debt 120, since the original loan was 100 (this excludes protocol fees; including them makes this even more likely).
  2. The loan had a 100% CR, so it has 100 collateral.
  3. The new loan created through auction() now has a loan amount of 120 (or more if we include protocol fees) and 100 collateral, which is severely undercollateralized.
  4. Everything passes and the loan is created, as there is no check disallowing that.

Impact

Undercollateralized loans are possible, which is unhealthy for the system.

PoC

No response

Mitigation

No response
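The scenario above, modelled as an added Python example (this is illustrative code written for this page, not the Predict.fun contracts): a loan of 100 with 100 collateral accrues 20 of interest, the auction rolls the full debt into a new loan against the same collateral, and the only thing standing between that and an undercollateralized position is a ratio check that the report says is missing. `Loan`, `auction_refinance_unchecked`, `auction_refinance_checked` and the `MIN_CR_BPS` threshold are assumed names and values for the example; the protocol's real minimum ratio is not stated on the page.

```python
from dataclasses import dataclass

BPS = 10_000  # basis points; 10_000 == 100%

# Assumed minimum collateralization ratio for a refinanced loan (100% CR, the
# figure used in the report's scenario). The real protocol threshold is not on
# the page; this value is a placeholder for the example.
MIN_CR_BPS = BPS


@dataclass
class Loan:
    """Constructed loan model for the example; not the protocol's storage layout."""
    principal: int         # amount originally lent
    collateral: int        # collateral backing the loan
    accrued_interest: int  # interest owed on top of the principal
    protocol_fee: int = 0  # any fee rolled into the debt at auction time

    def total_debt(self) -> int:
        return self.principal + self.accrued_interest + self.protocol_fee

    def collateral_ratio_bps(self) -> int:
        # collateral / total_debt, expressed in basis points (floor division)
        return self.collateral * BPS // self.total_debt()


class UndercollateralizedLoan(Exception):
    pass


def auction_refinance_unchecked(old: Loan) -> Loan:
    """The behaviour the report describes: the new loan's amount is the old
    loan's full debt, the same collateral is carried over, and no ratio check
    is performed."""
    return Loan(principal=old.total_debt(), collateral=old.collateral,
                accrued_interest=0)


def auction_refinance_checked(old: Loan, min_cr_bps: int = MIN_CR_BPS) -> Loan:
    """Same refinance, but rejects the new loan if it would fall below the
    minimum collateralization ratio (the check the report says is absent)."""
    new = auction_refinance_unchecked(old)
    cr = new.collateral_ratio_bps()
    if cr < min_cr_bps:
        raise UndercollateralizedLoan(
            f"new loan CR {cr} bps is below minimum {min_cr_bps} bps "
            f"(debt {new.total_debt()}, collateral {new.collateral})")
    return new


def report_scenario(protocol_fee: int = 0) -> dict:
    """Runs the numbers from the report: 100 principal, 100 collateral (100% CR),
    20 accrued interest, plus an optional protocol fee rolled into the debt."""
    old = Loan(principal=100, collateral=100, accrued_interest=20,
               protocol_fee=protocol_fee)
    new = auction_refinance_unchecked(old)
    try:
        auction_refinance_checked(old)
        rejected = False
    except UndercollateralizedLoan:
        rejected = True
    return {
        "old_debt": old.total_debt(),
        "new_principal": new.principal,
        "new_collateral": new.collateral,
        "new_cr_bps": new.collateral_ratio_bps(),
        "rejected_by_check": rejected,
    }


if __name__ == "__main__":
    # Without a fee the new loan sits at about 83% CR; with a 5 fee it drops to 80%.
    for fee in (0, 5):
        print(report_scenario(fee))
```

The ratio is computed on the new loan after the debt has been rolled over, not on the old loan before the auction; that ordering is what makes the check meaningful, since the old loan can look healthy at origination and still produce an undercollateralized successor once interest (and any fee) is folded into the principal.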

sherlock-admin2 commented 1 month ago

The protocol team fixed this issue in the following PRs/commits: https://github.com/PredictDotFun/predict-dot-loan/pull/39