Fuzz setup incorrectly mints loanTokens to borrower
Summary
The setup in Fuzzing.t.sol mints the borrower 100K loan tokens causing some assertions to always fail. Additionally, in some assertions about debt balances, the fees are not taken into account.
Vulnerability Details
On line 79 of Fuzzing.t.sol, 100K loan tokens are minted to the borrower.
This leads to assertions pertaining to borrower balance post-borrow to fail. As an example, In the fuzz test testFuzz_borrow, there is the following assertion:
assertEq(loanToken.balanceOf(address(borrower)), debtAmount);
However, since the borrower is minted 100K loanTokens in the setup, his balance is always 100K more than whatever has been borrowed in any given fuzz test. This leads to assertions involving borrower loanToken balance, to fail.
Another issue is that when the above mentioned assertion is made, the fees are not accounted for. This also leads the assertion to fail even though the borrower is not minted any loanTokens in setup. As such, it is recommended to account for fees when making the assertion in tests such as the borrow fuzz test:
assertEq(loanToken.balanceOf(address(borrower)), debtAmount-((debtAmount*50)/10000));
Impact
Informational
Tools Used
Foundry
Recommendations
Change the check loanRatio > pool.maxLoanRatio, to loanRatio >= pool.maxLoanRatio.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.