fix: forbid unhealthy self repay

This(or a variant of this) was recommended by stermi for v3.4.
While we did not include it back then, we decided to include it now.

Author: sakulstra

docs/3.5/Aave-v3.5-features.md

@@ -46,3 +46,8 @@ This is done to ensure correct behavior in regards to user operations, so that e
 
 On transfers, the scaled amount is rounded `up`.
 While for other methods the rational is obvious(and well specified on ERC4626), on transfers the "correct" path is more debatable. We think that currently the more "problematic" code-path is, if you pull x funds, but you get x-1. Therefore by rounding up the scaled amount, we ensure that the contract pulling receives at least the amount it requested.
+
+### Misc changes
+
+- smaller refactoring in `LiquidationLogic` making the code more consistent
+- `repayWithAToken` is only allowed when the user is still healthy **after** the repayment. This is done in order to prevent some edge cases where the user would have debt, but no collateral or now with the adjustments on rounding, bringing himself into liquidation area through selfRepayment.

snapshots/Pool.Operations.json

@@ -12,10 +12,10 @@
   "liquidationCall: full liquidation and receive ATokens": "349352",
   "liquidationCall: partial liquidation": "343069",
   "liquidationCall: partial liquidation and receive ATokens": "340268",
-  "repay: full repay": "153786",
-  "repay: full repay with ATokens": "156959",
-  "repay: partial repay": "150138",
-  "repay: partial repay with ATokens": "152261",
+  "repay: full repay": "161792",
+  "repay: full repay with ATokens": "181180",
+  "repay: partial repay": "158144",
+  "repay: partial repay with ATokens": "179304",
   "supply: collateralDisabled": "139047",
   "supply: collateralEnabled": "139047",
   "supply: first supply->collateralEnabled": "168559",

snapshots/Pool.OperationsComposition.json

@@ -1,5 +1,5 @@
 {
   "batchLiquidate: liquidate 2 users": "485787",
-  "repayAndWithdraw: borrow disabled, collateral disabled": "289610",
+  "repayAndWithdraw: borrow disabled, collateral disabled": "291116",
   "supplyAndBorrow: first supply->collateralEnabled, first borrow": "371572"
 }

snapshots/WrappedTokenGatewayV3.json

@@ -1,6 +1,6 @@
 {
   "borrowETH": "235541",
   "depositETH": "194960",
-  "repayETH": "171130",
+  "repayETH": "179136",
   "withdrawETH": "245748"
 }

src/contracts/protocol/libraries/logic/BorrowLogic.sol

@@ -123,6 +123,7 @@ library BorrowLogic {
   function executeRepay(
     mapping(address => DataTypes.ReserveData) storage reservesData,
     mapping(uint256 => address) storage reservesList,
+    mapping(uint8 => DataTypes.EModeCategory) storage eModeCategories,
     DataTypes.UserConfigurationMap storage onBehalfOfConfig,
     DataTypes.ExecuteRepayParams memory params
   ) external returns (uint256) {
@@ -149,9 +150,9 @@ library BorrowLogic {
     // Allows a user to repay with aTokens without leaving dust from interest.
     if (params.useATokens && paybackAmount == type(uint256).max) {
       // Replicate aToken.balanceOf (round down), to always underestimate the collateral.
-      paybackAmount = IAToken(reserveCache.aTokenAddress)
-        .scaledBalanceOf(params.onBehalfOf)
-        .rayMulFloor(reserveCache.nextLiquidityIndex);
+      paybackAmount = IAToken(reserveCache.aTokenAddress).scaledBalanceOf(params.user).rayMulFloor(
+        reserveCache.nextLiquidityIndex
+      );
     }
 
     if (paybackAmount > userDebt) {
@@ -196,6 +197,15 @@ library BorrowLogic {
       if (isCollateral && IAToken(reserveCache.aTokenAddress).scaledBalanceOf(params.user) == 0) {
         onBehalfOfConfig.setUsingAsCollateral(reserve.id, params.asset, params.user, false);
       }
+      ValidationLogic.validateHealthFactor(
+        reservesData,
+        reservesList,
+        eModeCategories,
+        onBehalfOfConfig,
+        params.user,
+        params.userEModeCategory,
+        params.oracle
+      );
     } else {
       IERC20(params.asset).safeTransferFrom(params.user, reserveCache.aTokenAddress, paybackAmount);
     }

src/contracts/protocol/libraries/types/DataTypes.sol

@@ -213,6 +213,8 @@ library DataTypes {
     InterestRateMode interestRateMode;
     address onBehalfOf;
     bool useATokens;
+    address oracle;
+    uint8 userEModeCategory;
   }
 
   struct ExecuteWithdrawParams {

src/contracts/protocol/pool/Pool.sol

@@ -238,6 +238,7 @@ abstract contract Pool is VersionedInitializable, PoolStorage, IPool, Multicall
       BorrowLogic.executeRepay(
         _reserves,
         _reservesList,
+        _eModeCategories,
         _usersConfig[onBehalfOf],
         DataTypes.ExecuteRepayParams({
           asset: asset,
@@ -246,7 +247,9 @@ abstract contract Pool is VersionedInitializable, PoolStorage, IPool, Multicall
           amount: amount,
           interestRateMode: DataTypes.InterestRateMode(interestRateMode),
           onBehalfOf: onBehalfOf,
-          useATokens: false
+          useATokens: false,
+          oracle: ADDRESSES_PROVIDER.getPriceOracle(),
+          userEModeCategory: _usersEModeCategory[onBehalfOf]
         })
       );
   }
@@ -282,9 +285,18 @@ abstract contract Pool is VersionedInitializable, PoolStorage, IPool, Multicall
         amount: amount,
         interestRateMode: DataTypes.InterestRateMode(interestRateMode),
         onBehalfOf: onBehalfOf,
-        useATokens: false
+        useATokens: false,
+        oracle: ADDRESSES_PROVIDER.getPriceOracle(),
+        userEModeCategory: _usersEModeCategory[onBehalfOf]
       });
-      return BorrowLogic.executeRepay(_reserves, _reservesList, _usersConfig[onBehalfOf], params);
+      return
+        BorrowLogic.executeRepay(
+          _reserves,
+          _reservesList,
+          _eModeCategories,
+          _usersConfig[onBehalfOf],
+          params
+        );
     }
   }
 
@@ -298,6 +310,7 @@ abstract contract Pool is VersionedInitializable, PoolStorage, IPool, Multicall
       BorrowLogic.executeRepay(
         _reserves,
         _reservesList,
+        _eModeCategories,
         _usersConfig[_msgSender()],
         DataTypes.ExecuteRepayParams({
           asset: asset,
@@ -306,7 +319,9 @@ abstract contract Pool is VersionedInitializable, PoolStorage, IPool, Multicall
           amount: amount,
           interestRateMode: DataTypes.InterestRateMode(interestRateMode),
           onBehalfOf: _msgSender(),
-          useATokens: true
+          useATokens: true,
+          oracle: ADDRESSES_PROVIDER.getPriceOracle(),
+          userEModeCategory: _usersEModeCategory[_msgSender()]
         })
       );
   }

tests/protocol/pool/Pool.Repay.t.sol

@@ -176,6 +176,21 @@ contract PoolRepayTests is TestnetProcedures {
     );
   }
 
+  function test_repayWithATokens_shouldRevertIfUnhealthyAfterRepayment() external {
+    uint256 amount = 2000e6;
+    uint256 borrowAmount = 1600e6;
+    vm.startPrank(alice);
+    // supply enough collateral to borrow out everything
+    contracts.poolProxy.supply(tokenList.usdx, amount, alice, 0);
+    contracts.poolProxy.borrow(tokenList.usdx, borrowAmount, 2, 0, alice);
+    vm.warp(vm.getBlockTimestamp() + 365 days * 100);
+
+    vm.expectRevert(
+      abi.encodeWithSelector(Errors.HealthFactorLowerThanLiquidationThreshold.selector)
+    );
+    contracts.poolProxy.repayWithATokens(tokenList.usdx, 2, 2);
+  }
+
   function test_repayWithATokens_fuzz_collateral_variable_borrow(
     uint256 repayAmount,
     uint32 timeDelta