Obedient Lava Monkey
Medium
The unrestricted transfer of aTokens in _liquidateATokens will cause isolation mode restrictions to be bypassed for the liquidator as the transferOnLiquidation function does not enforce isolation mode constraints, allowing the liquidator to hold isolated aTokens and potentially over-leverage their position.
In LiquidationLogic.sol (within _liquidateATokens), the transferOnLiquidation function transfers aTokens to the liquidator without verifying isolation mode constraints on the liquidator's configuration. Isolation mode limits are only checked when using tokens as collateral but are not enforced during liquidation transfers.
- A reserve is marked as isolated in its configuration.
- A user holds aTokens in isolation mode and gets liquidated.
- The liquidator has a position that could violate isolation mode constraints upon receiving the aTokens.
None (assumes trusted dependencies).
- A user gets liquidated while holding aTokens from an isolated reserve.
- The liquidator receives the isolated aTokens via
transferOnLiquidation. - The protocol does not verify isolation mode constraints on the liquidator's position during the transfer.
- The liquidator uses the isolated aTokens as collateral, bypassing isolation mode limits and potentially over-leveraging their position.
Liquidators could over-leverage positions, increasing the likelihood of cascading liquidations and insolvency in edge cases.
Before enabling the liquidator's aTokens as collateral, enforce isolation mode constraints by checking the liquidator's updated configuration after receiving the aTokens.