0x3b - Big LP providers can just exit to avoid negative yield

Question

0x3b - Big LP providers can just exit to avoid negative yield

Closed this issue 2 months ago · 3 comments

0x3b

medium

Big LP providers can just exit to avoid negative yield

Summary

Liquidations take approximately 1 day and 3 hours to reduce principal needed from 100% to 0%. This duration provides ample time for large LPs to exit the pool.

Vulnerability Detail

liquidateDefaultedLoanWithIncentive employs an auction mechanism where at T = 0, the liquidator needs to provide 8x the principal amount. At T = 1 day, the liquidator can provide just the principal for the collateral, and by T = 1 day + ~3 hours, 100% of the collateral is given for 0% of the principal.

These prolonged auctions give LP providers sufficient time to notice and exit the pool just before the auctions commence, and then re-enter after they conclude. Exiting the pool saves them from the bad debt (when tokenDifferenceFromLiquidations is decreased). It also distributes the debt to other less fortunate LPs.

Example:

Alice owns 10% of the pool shares.
Bob's loan defaults.
Alice realizes that it would be profitable to liquidate Bob’s loan on T = 1 day.
A few minutes before T = 1 day, Alice exits the pool.
Liquidators proceed with the liquidation of Bob’s loan.
Alice re-enters the pool with the same amount, now owning a larger fraction of it (as the share price has decreased).

Impact

LPs can save some of their assets by avoiding bad debt. This bad debt is then distributed among other LPs who did not leave the pool.

Code Snippet

        } else {
            uint256 tokensToGiveToSender = abs(_tokenAmountDifference);

            IERC20(principalToken).transferFrom(
                msg.sender,
                address(this),
                amountDue - tokensToGiveToSender
            );

            tokenDifferenceFromLiquidations -= int256(tokensToGiveToSender);
            totalPrincipalTokensRepaid += amountDue;
        }

Tool used

Manual Review

Recommendation

Implement a two-step withdrawal procedure, where LPs need to schedule a withdrawal and then wait the duration it takes to liquidate a loan. This will prevent them from avoiding bad debt.

Duplicate of #110

Answer 1 · 2024-05-07T13:25:20.000Z

A withdrawl delay is added to address issue #44, the question is how LONG should this window be . That issue suggests a short timeframe, this issue suggests a longer timeframe.

Answer 2 · 2024-05-15T19:02:18.000Z

The protocol team fixed this issue in the following PRs/commits:
teller-protocol/teller-protocol-v2-audit-2024#20

Answer 3 · 2024-06-11T11:30:45.000Z

The Lead Senior Watson signed off on the fix.