20,000 USDC
Submission Details
Severity: medium
Valid

Loss of funds to protocol and lenders due to precision loss

Summary

When the _calculateInterest function is called, precision loss can occur if the interestRate, debt, and timeElapsed are too small.

Vulnerability Details

The equation below can incur precision loss when attempting to calculate the interest and the fees for a given loan.

Let's say the interest on a loan is set to 1%, with a debt of 5 and a time elapsed of 3 days. The math would be as follows.

100 * 5 * 10 = 50000 / 10000 = 0 / 365 days

interest = (l.interestRate * l.debt * timeElapsed) / 10000 / 365 days;
fees = (lenderFee * interest) / 10000;
interest -= fees;

This leaves us with an interest rate of zero and a protocol fee of zero as well, which would allow users to take out interest-free loans.

Impact

A user would be able to take out interest-free loans, and the protocol would not collect fees either, causing a loss of funds to the lenders and the protocol.

Tools Used

Manual review.

Recommendations

It's important to remember that the protocol's objective isn't to facilitate zero-interest loans. Therefore, verifying that neither the interest nor the fees are zero can help prevent precision loss and trigger a revert if necessary. Additionally, establishing a minimum loan size could ensure that the left-hand side of the division (the numerator) consistently exceeds the right-hand side (the divisor).

interest = (l.interestRate * l.debt * timeElapsed) / 10000 / 365 days;
fees = (lenderFee * interest) / 10000;
if(interest == 0 || fees == 0) revert PrecisionLoss();
interest -= fees;
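
The truncation and the recommended check can be reproduced off-chain. The following is an added example, not code from the report or the protocol: it models the formula with Python integers, where `//` truncates like Solidity unsigned division. It assumes timeElapsed is in seconds (Solidity's `365 days` literal is 31,536,000) and uses a constructed lenderFee of 1000; `min_debt` is a hypothetical helper.

```python
# Added example: models the report's formula with Python ints; `//` truncates
# the same way Solidity unsigned integer division does.
DAY = 86_400
YEAR = 365 * DAY   # value of Solidity's `365 days` literal, in seconds
BPS = 10_000       # divisor used in the report's formula


class PrecisionLoss(Exception):
    """Stands in for the report's `revert PrecisionLoss()`."""


def calculate_interest(interest_rate, debt, time_elapsed, lender_fee, checked=False):
    """Return (interest after fees, fees); checked=True adds the recommended guard."""
    interest = (interest_rate * debt * time_elapsed) // BPS // YEAR
    fees = (lender_fee * interest) // BPS
    if checked and (interest == 0 or fees == 0):
        raise PrecisionLoss(f"interest={interest}, fees={fees}")
    interest -= fees
    return interest, fees


def min_debt(interest_rate, time_elapsed, lender_fee=None):
    """Hypothetical helper: smallest debt (base units) with non-zero interest,
    or, when lender_fee is given, with non-zero fees as well."""
    # fees >= 1 requires interest >= ceil(BPS / lender_fee)
    need = 1 if lender_fee is None else -(-BPS // lender_fee)
    # floor(floor(x / BPS) / YEAR) == floor(x / (BPS * YEAR)) for positive ints,
    # so interest >= need  <=>  rate * debt * elapsed >= need * BPS * YEAR
    return -(-(need * BPS * YEAR) // (interest_rate * time_elapsed))


if __name__ == "__main__":
    # Constructed inputs: 1% rate and 3 days from the report; the 10% fee is assumed.
    rate, fee, elapsed = 100, 1_000, 3 * DAY
    print("debt=5:", calculate_interest(rate, 5, elapsed, fee))
    print("min debt for interest > 0:", min_debt(rate, elapsed))
    print("min debt for fees > 0:", min_debt(rate, elapsed, fee))
    for debt in (12_167, 121_666, 121_667):
        try:
            print(debt, calculate_interest(rate, debt, elapsed, fee, checked=True))
        except PrecisionLoss as exc:
            print(debt, "reverts:", exc)
```

With these constructed inputs, debts from 12167 to 121666 base units accrue non-zero interest while the fees still truncate to zero, so the `fees == 0` half of the guard reverts for them too.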
