Smooth Satin Chicken
Medium
The lack of refinancing capability during a paused state will cause an increased liquidation risk for borrowers unable to repay their loans, as the protocol will continue to accrue interest and prevent refinancing, leaving borrowers unable to reduce debt or extend loan terms.
function refinance(Refinancing calldata refinancing) external nonReentrant whenNotPaused {The choice to disable refinancing during a paused state is a mistake as borrowers are unable to reduce debt or extend loan terms through refinancing, which can lead to increased liquidation risk as interest continues to accrue.
1.Admin needs to call togglePaused() to set the protocol to be paused.
2.Borrower needs to accumulate debt so that the total loan debt is at least higher than the original loan amount due to interest accrual.
3.Borrower needs to be unable to repay the loan using their own funds, requiring a refinancing solution.
4.New lender needs to be available to provide a refinancing offer, but the protocol must remain paused, preventing the refinancing from occurring.
/**
* @notice When a contract is paused, no new loans including refinancing and auction can be created.
* All operations with existing loans still work.
* Only callable by admins.
*/
function togglePaused() external onlyRole(DEFAULT_ADMIN_ROLE) {
paused() ? _unpause() : _pause();
}In the provided smart contract, the vulnerability is not directly related to the logical execution of the functions but is tied to protocol behavior when paused. This vulnerability presents a medium-level risk with a lower probability of occurrence, as it requires specific internal conditions to trigger. The key issue arises when the protocol is paused by an administrator, which halts critical functions such as refinancing and auctions, as indicated by the togglePaused() function.
Example Scenario:
1.A borrower has an active loan that has not yet matured but is temporarily unable to repay due to a lack of funds.
2.To avoid liquidation of the collateral, the borrower identifies a new lender willing to provide refinancing. This new lender could repay the borrower’s existing debt, thereby stopping the accumulation of interest on the original loan.
3.However, the protocol is paused by the administrator, which suspends the refinancing function.
4.During the paused state, interest continues to accumulate on the original loan. This means that even though the borrower has secured refinancing, they cannot execute it to reduce the debt.
5.By the time the protocol is resumed, the accumulated interest has significantly increased the borrower’s total debt, possibly resulting in the liquidation of the collateral. This liquidation could have been avoided if refinancing had been allowed during the pause.
The core issue is that when the protocol is paused, borrowers cannot use refinancing options to reduce their accumulating debt. As a result, their debt increases, leading to a higher risk of liquidation once the protocol is resumed. This could have been mitigated by allowing refinancing during the paused state, providing borrowers with a critical tool to manage their debt and avoid unnecessary liquidation.
The borrower cannot execute refinancing during a paused state, leading to increased liquidation risk. As a result, the borrower could lose their collateral if they are unable to repay the loan or refinance before the loan matures.
To mitigate this issue, the protocol should allow refinancing operations during a paused state, enabling borrowers to:
- Repay their loan indirectly through refinancing, where a new lender can settle the existing loan.
- Extend the loan duration to reduce the risk of liquidation.
This would ensure that borrowers are not disproportionately affected during protocol pauses and have more flexibility in managing their loans.