nfmelendez - Liquidation fee is wrongly charged to the liquidators

[sherlock-admin2]

nfmelendez

High

Liquidation fee is wrongly charged to the liquidators

Summary

Liquidation fees should be charged to the position but instead is charged to the liquidator leading to less incentives to keep the system healthy

Vulnerability Detail

The PositionManager use the RiskModule to validate the liquidator attemp to liquidate a position. The LIQUIDATION_DISCOUNT in RiskModule::_validateSeizedAssetValue is used to increase the maxSeizedAssetValue cap so the liquidator can seize more assets so in other words the LIQUIDATION_DISCOUNT is the bonus the liquidator get for keep the system healthy. However the bonus that generates the incentive to liquidator to keep the system healthy is reduced because Sentiment is charging the liquidation fee in the PositionManager::_transferAssetsToLiquidator#280 to the liquidator's assetData[i].amt but should really charge the liquidation fee reducing the assets of the position because is the one that created the problem in the first place.

Here we can see that is taking the assets from the liquidator to the protocol:

    // @audit is charging fees to the amount of assets that the liquidator will seize.
    uint256 fee = liquidationFee.mulDiv(assetData[i].amt, 1e18);
    // @audit Protocol is getting profit from the liquidator instead of the owner of the bad debt which is the one who generated the bad debt. 
    Position(payable(position)).transfer(owner(), assetData[i].asset, fee);

Impact

• Liquidators have less incentives because are paying with their bonus the liquidation fee.
• The Position has incentives to be risky because they don't pay the liquidation fee with its assets.
• SentimentV2 protocol profit from the liquidators instead of the unhealthy debt that position created in first place.

Code Snippet

https://github.com/sherlock-audit/2024-08-sentiment-v2/blob/main/protocol-v2/src/RiskModule.sol#L155-L159

https://github.com/sherlock-audit/2024-08-sentiment-v2/blob/main/protocol-v2/src/PositionManager.sol#L474-L480

Tool used

• Manual Review
• VS code

Recommendation

One solution could be to increase maxSeizedAssetValue cap by the liquidation fee and the liquidation discount, so the liquidator collects the liquidation fee from the position and then Sentiment collects
the liquidation fee from the liquidator:

        uint256 maxSeizedAssetValue = debtRepaidValue.mulDiv(1e18, (1e18 - discount))
        + debtRepaidValue.mulDiv(1e18, (1e18 - liquidationFee)); // added by auditor, incresing the cap let the liquidator collect the liquidation fee that then willl be collected by the protocol.
        if (assetSeizedValue > maxSeizedAssetValue) {
            revert RiskModule_SeizedTooMuch(assetSeizedValue, maxSeizedAssetValue);
        }

Duplicate of #91