There is no way to liquidate underwater loans #153

Closed
c4-bot-2 opened this issue Dec 18, 2023 · 7 comments
Labels
  • 3 (High Risk): Assets can be stolen/lost/compromised directly
  • bug: Something isn't working
  • edited-by-warden
  • primary issue: Highest quality submission among a set of duplicates
  • sponsor disputed: Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue
  • sufficient quality report: This report is of sufficient quality
  • unsatisfactory: does not satisfy C4 submission criteria; not eligible for awards

Comments

@c4-bot-2

c4-bot-2 commented Dec 18, 2023

Lines of code

https://github.com/code-423n4/2023-12-ethereumcreditguild/blob/main/src/loan/LendingTerm.sol#L652-L656

Vulnerability details

Impact

As explained by the devs, markets are composed of one peg token (USDC) and a few terms that can have different collateral tokens (USDC, WETH, DAI). However, currently, there is no way to liquidate undercollateralized single positions.

Proof of Concept

In the current system, to liquidate a loan, you need either of these two:

  • The borrower has missed a partial repayment.
  • The gauge is removed.

```solidity
require(
    GuildToken(refs.guildToken).isDeprecatedGauge(address(this)) ||
        partialRepayDelayPassed(loanId),
    "LendingTerm: cannot call"
);
```

However, there is no measure to liquidate single borrowers with undercollateralized loans. The only possibility that remains is term offboarding. However, this will also cause all other borrowers to be liquidated as well. Moreover, it will take a week, with the possibility of being vetoed.

This leads to an issue where a borrower has paid its partial payment, but their collateral asset value goes below their debt value, at which point the system acquires bad debt. After a borrower's debt becomes more than their collateral, the borrower can just stop paying the partial payments and leave with the debt token.

Example:

| Prerequisites | Values |
| --- | --- |
| Borrower coll | 10 WETH |
| Borrower loan | 16000 USDC |
| WETH price | 2000 USDC |
| maxDebtPerCollateralToken | 0.8e18 (80%) |

  1. In a span of a few days, the market crashes, and WETH price falls to 1500 USDC.
  2. The borrower's collateral is now worth 15,000 USDC, so there is no point in paying the USDC for it.
  3. The borrower leaves with their loan (16k USDC), making a profit of 1000 USDC.

Tools Used

Manual review.

Recommended Mitigation Steps

The easiest suggestion to implement is to restrict the collateral to the same token as the loan. This way, they are going to maintain a ratio of 1:1, while borrowers will still be able to sell their received loan tokens for another token of their choice.

Assessed type

Error

@c4-bot-2 c4-bot-2 added 3 (High Risk) Assets can be stolen/lost/compromised directly bug Something isn't working labels Dec 18, 2023
c4-bot-6 added a commit that referenced this issue Dec 18, 2023
@c4-pre-sort

0xSorryNotSorry marked the issue as sufficient quality report

@c4-pre-sort c4-pre-sort added sufficient quality report This report is of sufficient quality primary issue Highest quality submission among a set of duplicates labels Jan 3, 2024
@c4-pre-sort

0xSorryNotSorry marked the issue as primary issue

@c4-sponsor

eswak (sponsor) disputed

@eswak

eswak commented Jan 8, 2024

The way the protocol is expected to handle these situations is by having offchain observers looking at the debt positions, and if one of them gets close to underwater (or is underwater), offboard the term and call all loans.

The issue states that "term offboarding [...] will take a week with the possibility of being vetoed", but this is not the case: offboarding can be as fast as 2 blocks and cannot be vetoed.

If one loan can grow out of health while the other loans are still safe, that means the lending term parameters are incorrect (it should have required periodic payments), and it is the expected behavior that all loans of this term go into liquidation if the term is offboarded.

Borrowers with a healthy position that go into liquidation can bid on their own collateral to prevent leaking any MEV, which is equivalent to repaying their loan.
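
The off-chain observation described in this comment, run over the report's own numbers, as an added Python example that is not part of the thread or of the protocol's code. `can_call` mirrors the quoted `require`; the `Loan` fields, the second loan "B" and the 0.9 warning ratio are assumptions made for illustration.

```python
from dataclasses import dataclass
from fractions import Fraction


@dataclass(frozen=True)
class Loan:  # hypothetical off-chain view of a loan, not the contract's struct
    loan_id: str
    collateral: Fraction  # collateral tokens (WETH)
    debt: Fraction        # peg-token debt (USDC)
    partial_repay_delay_passed: bool


def can_call(loan, gauge_deprecated):
    """Mirror of the quoted require(): collateral price is not an input."""
    return gauge_deprecated or loan.partial_repay_delay_passed


def debt_ratio(loan, price):
    """Debt over collateral value; above 1 the loan is underwater."""
    return loan.debt / (loan.collateral * price)


def shortfall(loan, price):
    """Bad debt left if the collateral were sold at `price`."""
    return max(Fraction(0), loan.debt - loan.collateral * price)


def classify(loan, price, warn_ratio):
    ratio = debt_ratio(loan, price)
    if ratio > 1:
        return "underwater"
    return "at-risk" if ratio >= warn_ratio else "healthy"


def scan_term(loans, price, warn_ratio=Fraction(9, 10)):  # 0.9 is an assumed threshold
    """One observer pass: flag the term for offboarding if any loan is unsafe."""
    statuses = {l.loan_id: classify(l, price, warn_ratio) for l in loans}
    return {
        "statuses": statuses,
        "offboard": any(s != "healthy" for s in statuses.values()),
        "callable_now": [l.loan_id for l in loans if can_call(l, False)],
        "callable_after_offboard": [l.loan_id for l in loans if can_call(l, True)],
    }


# Loan "A" uses the report's numbers; loan "B" is constructed for contrast.
LOANS = [
    Loan("A", Fraction(10), Fraction(16000), False),
    Loan("B", Fraction(10), Fraction(9000), False),
]
```

At a WETH price of 1500 USDC, loan "A" is underwater with a 1000 USDC shortfall yet `callable_now` is empty; once the gauge is deprecated both loans become callable, including the healthy loan "B".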

@Trumpero

This is not a dup of #1057, as it mentions the case where the collateral's price goes down. In this scenario, the term should be off-boarded, and all loans will be callable.

@c4-judge

Trumpero marked the issue as unsatisfactory:
Invalid

@c4-judge c4-judge added the unsatisfactory does not satisfy C4 submission criteria; not eligible for awards label Jan 26, 2024