Inadequate Debt Calculation in Lender Smart Contract
Summary
The Lender.sol smart contract contains a vulnerability that leads to an incorrect calculation of the borrowed debt, resulting in borrowers receiving less debt than intended due to the deduction of fees from the loan amount.
Vulnerability Details
In the borrow function of the Lender contract, the calculation of the debt variable, which represents the loan amount to be borrowed, does not account for the deduction of fees before transferring the loan tokens to the borrower. The fees are subtracted from the loan amount after calculating the accrued interest, leading to borrowers receiving less debt than they expect.
The relevant code snippet is as follows:
Impact
The vulnerability allows an borrower to borrow less than the intended loan amount, affecting the usability and functionality of the Lender contract. Borrowers might unknowingly receive reduced funds, potentially leading to incorrect financial decisions or service disruptions.
Tools Used
Manual Review
Recommendations
To address this issue, the debt calculation should deduct the fees before transferring the loan tokens to the borrower.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.