Obedient Lava Monkey
Medium
Incorrect Handling of setBorrowing on First Borrow Allows Permanent Borrowing State Even After Repayment
Failure to properly reset the borrowing state in userConfig when the first borrowing is followed by full repayment will cause an incorrect perpetual borrowing state for users as the protocol will incorrectly mark them as borrowers despite having no outstanding debt.
In BorrowLogic.sol, the executeBorrow function sets the borrowing state for a user as follows:
if (isFirstBorrowing) {
userConfig.setBorrowing(reserve.id, true);
}However, there is no mechanism in executeRepay to reset this state when the user fully repays their debt. This leads to users being marked as borrowers even after they clear all their liabilities, resulting in unintended behavior in other parts of the protocol, such as liquidation checks or borrowing power calculations.
- User performs their first borrowing (
isFirstBorrowingistrue). - User repays their entire debt through
executeRepay.
- The debt token’s balance (
variableDebt) for the user reaches zero after repayment.
- User borrows for the first time, triggering
userConfig.setBorrowing(reserve.id, true). - User fully repays their debt, but the borrowing state remains
true. - The protocol continues to treat the user as a borrower, affecting actions like collateral usage or liquidation status.
The users suffer incorrect protocol behavior, such as reduced borrowing power or improper liquidation attempts. The protocol risks inefficiencies in handling user states and calculations.
Update the executeRepay function to reset the borrowing state when the user's debt is fully repaid:
if (variableDebt - paybackAmount == 0) {
userConfig.setBorrowing(reserve.id, false);
}