Precision loss when calculating the protocol interest
Summary
The calculation of the fees (protocolInterest) in the Lender::_calculateInterest() suffers from a rounding down issue, resulting in a small precision loss that can be improved.
Vulnerability Details
Division before multiplication can lead to rounding down issue since Solidity has no fixed-point numbers. Consider the calculation of the fees (protocolInterest) in the _calculateInterest(), the function does the division (by the remainder part: "/ 10000 / 365 days") before the multiplication (by lenderFee). Hence, the computed result can suffer from the rounding down issue, resulting in a small precision loss, especially in a loan token with small decimals.
-
Division (by the remainder part: "/ 10000 / 365 days") before multiplication: https://github.com/Cyfrin/2023-07-beedle/blob/658e046bda8b010a5b82d2d85e824f3823602d27/src/Lender.sol#L724 -
Multiplication (by lenderFee) after division: https://github.com/Cyfrin/2023-07-beedle/blob/658e046bda8b010a5b82d2d85e824f3823602d27/src/Lender.sol#L725
Impact
The computed fees (protocolInterest) returned by the _calculateInterest() can suffer from the rounding down issue, resulting in a small precision loss, especially when a loan token has small decimals (e.g., GUSD (Gemini dollar) has 2 decimals).
Tools Used
Manual Review
Recommendations
I recommend improving the formula for calculating the fees by taking multiplications before divisions to prevent truncation, as shown below.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.