FLO-23: Manual Liquidations Bypass Configured Top-up Sources #232
Description
Severity: Low
Files Affected
cadence/contracts/FlowALPv1.cdc
Description
The protocol allows users to configure a topUpSource for their position, which automatically pulls underflown value to prevent liquidation in the event of undercollateralization. Any external party can call manualLiquidation() to liquidate a position if its health drops below 1.0. However, the manualLiquidation() function does not attempt to utilize the configured topUpSource before executing the liquidation. Because automated rebalancing relies on an asynchronous queue ( asyncUpdate()) , there is a critical time window where an unhealthy position can be liquidated by a third party before the protocol's internal bot can pull the available backup funds. This penalizes users who correctly utilized the protocol's safety features to secure their positions.
Recommendation
Modify the manualLiquidation() function to actively attempt a rebalance before evaluating the position's health for liquidation. By calling _rebalancePositionNoLock() with the force parameter set to true, the protocol will attempt to pull funds from the topUpSource. If the source is sufficiently funded, the position's health will be restored, and the subsequent health assertion will correctly revert the liquidation attempt.
Parent Issue: #209