079.md

J4de

medium

Liquidation should be carried out according to the outstanding amount of the borrower, rather than directly liquidating all collateral

Summary

Liquidation should be carried out according to the outstanding amount of the borrower, rather than directly liquidating all collateral.

Vulnerability Detail

File: CollateralManager.sol
255     function withdraw(uint256 _bidId) external {
256         BidState bidState = tellerV2.getBidState(_bidId);
257         if (bidState == BidState.PAID) {
258             //if the bid is fully repaid the borrower gets all collateral assets back
259             _withdraw(_bidId, tellerV2.getLoanBorrower(_bidId));
260  >>     } else if (tellerV2.isLoanDefaulted(_bidId)) {
261             //if the bid is defaulted the lender gets all of the collateral
262             _withdraw(_bidId, tellerV2.getLoanLender(_bidId));
263             emit CollateralClaimed(_bidId);
264         } else {
265             revert("collateral cannot be withdrawn");
266         }
267     }

When the borrower is in a liquidation state, the lender can call the withdraw function of the CollateralManager.sol contract to withdraw all the borrower’s collateral, even if the borrower has already paid back part of the money. Assuming that the borrower has repaid 90% of the loan but defaulted, a part of the collateral should be reserved for the borrower. For example, the borrower forgets to pay the last payment.

Impact

Unfair to borrowers.

Code Snippet

https://github.com/teller-protocol/teller-protocol-v2/blob/cb66c9e348cdf1fd6d9b0416a49d663f5b6a693c/packages/contracts/contracts/CollateralManager.sol#L250-L260

Tool used

Manual Review

Recommendation

It is recommended to liquidate the collateral according to a ratio.