Submission Details
Severity: medium
Valid

Tokens with lower decimals do not generate appropriate interest amounts

Summary

Whenever (l.interestRate * l.debt * timeElapsed) is lower than 3.1536e11, the computed interest rounds down to 0, which makes the loan interest-free.

Vulnerability Details

Loans accrue interest for every second since being taken out. The issue arises when loans are taken in low-decimal, high-value tokens like WBTC. With so few decimals, debt amounts are small integers, so the interest calculation rounds down to 0 whenever (l.interestRate * l.debt * timeElapsed) is lower than 3.1536e11 (10000 * 365 days in seconds).

    function _calculateInterest(
        Loan memory l
    ) internal view returns (uint256 interest, uint256 fees) {
        uint256 timeElapsed = block.timestamp - l.startTimestamp;
        interest = (l.interestRate * l.debt * timeElapsed) / 10000 / 365 days; // @audit anything lower than 3.1536e11 will round down to 0, thus making it an interest-free loan
        fees = (lenderFee * interest) / 10000;
        interest -= fees;
    }

For example, a loan with 1e6 worth of WBTC (around $300) and a fee of 1000 basis points (10%) for 300 seconds will be interest-free. The same can be achieved with lower debt amounts for longer periods of time. For example, if the loan gets segmented into 10 smaller ones with 1e5 worth of debt in each, the interest-free period will be more than 3000 seconds, and so on.
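
The figures above can be checked with a small model of the calculation. This is an added example in Python, not code from the audited contract; it assumes Python's floor division matches Solidity's truncating uint256 division for non-negative values, takes the 1000 basis points as l.interestRate, and includes a hypothetical round-up variant (interest_ceil) only for comparison.

```python
# Added example: models the integer math of _calculateInterest in Python.
# Assumption: for non-negative ints, Python's // truncates like Solidity uint256 division.

BPS = 10_000
YEAR = 365 * 24 * 60 * 60   # Solidity's `365 days` in seconds
THRESHOLD = BPS * YEAR      # 315_360_000_000, the 3.1536e11 from the finding


def interest_floor(rate_bps, debt, elapsed):
    """Same operation order as the reported code: both divisions truncate."""
    return rate_bps * debt * elapsed // BPS // YEAR


def interest_ceil(rate_bps, debt, elapsed):
    """Hypothetical round-up variant for comparison (not the report's recommendation)."""
    return -(-(rate_bps * debt * elapsed) // THRESHOLD)


def zero_interest_window(rate_bps, debt):
    """Largest elapsed time in seconds for which interest_floor() is still 0."""
    if rate_bps == 0 or debt == 0:
        return None  # interest is always 0, so there is no finite window
    return (THRESHOLD - 1) // (rate_bps * debt)


def total_interest(calc, rate_bps, debts, elapsed):
    """Interest summed over several loans that were open for the same time."""
    return sum(calc(rate_bps, d, elapsed) for d in debts)


if __name__ == "__main__":
    # Constructed inputs taken from the report: WBTC base units, 1000 bps as l.interestRate.
    rate, whole, split = 1000, [10**6], [10**5] * 10
    print("interest at 300 s:", interest_floor(rate, 10**6, 300))
    for debt in (10**6, 10**5):
        print(f"debt {debt}: zero interest up to {zero_interest_window(rate, debt)} s")
    for name, calc in (("floor", interest_floor), ("ceil", interest_ceil)):
        print(name, "one loan:", total_interest(calc, rate, whole, 3000),
              "ten loans:", total_interest(calc, rate, split, 3000))
```

The last two lines of output compare a single 1e6 loan with the same debt split into ten 1e5 loans over 3000 seconds, under truncation and under rounding up.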

Impact

The lenders will not accrue fees for relatively short loans with such tokens.

Tools Used

Manual Review

Recommendations

Consider adding a flat interest that gets charged after a specific number of seconds.
