Description

The remove_collateral_internal function decides to check if the position is in shortfall after removing collateral depending on whether the checkShortfall argument is true or false:

else if (checkShortfall) {
    // check account position not shortfall
    // if caller is `liquidate_internal`, we don't check liquidatee's status
    assert!(!is_shortfall_internal(account_addr, pair_obj), ERR_ISOLATED_LENDING_SHORTFALL);
};

This option exists to skip the shortfall check when calling remove_collateral_internal to seize collateral from a position being liquidated in the liquidate_internal function. However, the remove_collateral and remove_collateral_fa functions also call remove_collateral_internal with the checkShortfall argument set to false, which is not in line with this intention.

Impact

After a user removes collateral, their position can be liquidated. This allows the user to intentionally create a shortfall position, leading to unintended situations.

Recommendations

Pass checkShortfall as true when calling remove_collateral_internal from remove_collateral or remove_collateral_fa.

Remediation

Echelon explained that this issue was intentionally included in the codebase; however, we have no way of verifying this.