081.md

Obedient Lava Monkey

High

Miscalculated Collateral Sufficiency Allows Over-Borrowing in Isolation Mode

Summary

A missing adjustment for effective collateral in isolation mode will cause over-borrowing for borrowers as the protocol will overestimate available collateral, allowing borrowers to take loans exceeding safe thresholds.

---

Root Cause

In ValidationLogic.validateBorrow, the function calculates vars.userCollateralInBaseCurrency using all user collateral without filtering for eligibility based on liquidation thresholds or isolation mode constraints. This causes the protocol to overestimate the amount of collateral available to secure a loan, allowing borrowers to exceed safe borrowing limits in isolation mode. The missing logic fails to exclude assets that either:

1. Have a zero liquidation threshold (non-liquidatable collateral).
2. Are restricted by isolation mode debt ceilings.

---

Internal Pre-conditions

1. Protocol Admin needs to configure an asset with isolationModeActive = true and a non-zero debtCeiling.
2. User needs to supply assets with non-zero liquidation thresholds in isolation mode.

---

External Pre-conditions

1. Collateral Prices from the oracle must remain stable or increase slightly to avoid immediate liquidation.

---

Attack Path

1. User supplies collateral in isolation mode with a high LTV but a non-zero liquidation threshold.
2. User attempts to borrow assets using borrow().
3. The system incorrectly calculates the user’s total collateral, including ineligible collateral, and approves the borrow.
4. User withdraws borrowed funds, leaving the protocol under-collateralized.

---

Impact

• The protocol suffers a potential loss of bad debt, as under-collateralized positions cannot be fully liquidated.
• The borrower gains excess borrowing power, effectively draining the reserve.

---

Mitigation

Adjust the calculation in validateBorrow to consider only liquidation-threshold-adjusted collateral: