Obedient Lava Monkey
Medium
The failure to validate useATokens repayment mode when a user has insufficient aTokens balance will cause a partial repayment or unintended debt clearing for the user as the burn function fails or creates collateral inconsistencies.
In BorrowLogic.sol, when params.useATokens is true, the repayment amount (params.amount) defaults to the caller’s aTokens balance, but there is no validation to ensure the balance is sufficient for the desired repayment.
- User has an active debt position and collateral provided in
aTokens. - User calls
executeRepaywithuseATokens = true, but theiraTokensbalance is less thanparams.amount.
- No manipulation of external reserves or dependencies is required.
- Users are actively using
aTokensas collateral.
- A user has an active borrow position and partially redeemed their
aTokens(e.g., borrowed 100 units but holds only 50aTokens). - The user calls
executeRepaywithuseATokens = trueand setsparams.amountto a value exceeding their availableaTokensbalance (e.g., 100 units). - The repayment process attempts to burn
aTokens(viaIAToken.burn), leading to incomplete repayment or a revert. - If incomplete repayment occurs, the user’s remaining collateral is mismanaged, leaving the system with improper debt and collateral accounting.
Users may lose their remaining collateral (aTokens) without fully repaying their debt, or the protocol may encounter collateral-debt inconsistencies. This creates systemic risks and potential user losses. Impact depends on the extent of the user's position but could lead to insolvency in edge cases.
Add a validation step in executeRepay to ensure the caller’s aTokens balance is at least equal to params.amount when useATokens = true.