attacker can create un collateralized debt by reentrancy attack during _removeCollateral() by removing all collaterals and liquidating the last one which would set debt to zero. unfair liquidation can happen with reentrancy too
Lines of code Vulnerability details Impact Function removeCollateral removes collateral from msg.senders vault and code allows for onReceive hook to sell and repay debt before the debt check. during the hook function user can call other function of the PaprController contract, it's possible for...