Issue M-1: _calculateMaxBorrowCollateral calculates repay incorrectly and can lead to set token liquidation
Source: sherlock-audit#26
0x52, Kirkeelee
When calculating the amount to repay, _calculateMaxBorrowCollateral incorrectly applies unutilizedLeveragePercentage when calculating netRepayLimit. The result is that if the borrowBalance ever exceeds liquidationThreshold * (1 - unutilizedLeveragPercentage) then all attempts to repay will revert. This is nearly identical to the valid issue reported in the last contest that was fixed in the Aave leverage extension.
In MorphoLeverageStrategyExtension.sol:L1124 the borrow limit is reduced by unutilizedLeveragePercentage which will cause L1134 to underflow and revert.
unutilizedLeveragePercentage must be a nonzero value. For context this is nonzero for every existing leveraged token currently deployed by Index Coop.
The underlying collateral value decreases rapidly in price pushing the set towards liquidation
- The price of the underlying collateral decreases rapidly causing
liquidationThresholdto drop borrowBalanceexceedsliquidationThreshold * (1 - unutilizedLeveragPercentage)- Calls to
MorphoLeverageStrategyExtension#ripcordwill revert due to underflow - Set token is liquidated
Set token suffers losses due to liquidation fee. For most Morpho markets this is at least 5%. Due to the leveraged nature of the set the loss will be multiplicative. This means a 3x leverage token will lose 15% NAV (5% * 3), 5x leverage will lose 25% NAV (5% * 5), etc.
No response
Don't adjust the max value by unutilizedLeveragPercentage when deleveraging