Submission Details
Severity: low
Valid

The function _calculateInterest does not work as intended, which results in a loss of fees and profit to the protocol

Summary

The value of interest is not properly calculated, which makes the whole _calculateInterest function not perform as intended and causes a loss of fees or profit to the protocol.

Vulnerability Details

The lender.sol contains the following code:

    function _calculateInterest(
        Loan memory l
    ) internal view returns (uint256 interest, uint256 fees) {
        uint256 timeElapsed = block.timestamp - l.startTimestamp;
        interest = (l.interestRate * l.debt * timeElapsed) / 10000 / 365 days;
        fees = (lenderFee * interest) / 10000;
        interest -= fees;
    }

Here the interest is calculated, but the formula used is the actual problem. The value is calculated with the formula [ (l.interestRate * l.debt * timeElapsed) / 10000 / 365 days ], and as Solidity evaluates it, the result of (l.interestRate * l.debt * timeElapsed) is divided by 10000, which is wrong.
Also, the value of (l.interestRate * l.debt * timeElapsed) is first divided by 10000 and then by 365, which makes the interest value wrong.

Example:
If the value (l.interestRate * l.debt * timeElapsed) results in 30000, then according to the formula it is first divided by 10000, which leaves 3, and then divided by 365, which gives a decimal value that is very wrong (small).

To behave as intended, the value (l.interestRate * l.debt * timeElapsed) must be divided by the result of (10000/365), which gives the proper value of interest and, after that, the fees for the protocol.

Impact

The impact is that if the interest is calculated as 0.0something, the fees to the protocol are very low, because the division value in the fees formula is very large. This results in a loss of fees or profit to your protocol.
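The truncation described above can be measured with a small Python model of the function's integer arithmetic. This is an added example, not code from lender.sol or from the submission; the rate, debt and lenderFee values are constructed samples, and it relies on Python's `//` on non-negative integers truncating the same way Solidity's uint256 division does.

```python
# Added example: Python model of the integer arithmetic in _calculateInterest.
# All sample inputs are constructed; lender_fee_bps stands in for lenderFee.
BPS = 10_000
YEAR = 365 * 24 * 60 * 60  # Solidity's `365 days` is 31_536_000 seconds


def calculate_interest(rate_bps, debt, elapsed, lender_fee_bps):
    """Mirror of the on-page function: returns (interest, fees)."""
    interest = rate_bps * debt * elapsed // BPS // YEAR
    fees = lender_fee_bps * interest // BPS
    return interest - fees, fees


def ceil_div(a, b):
    """Ceiling division for positive integers."""
    return -(-a // b)


def min_elapsed_for(rate_bps, debt, lender_fee_bps, want="interest"):
    """Smallest elapsed time (seconds) at which the chosen value is non-zero.

    Two successive floor divisions equal one floor division by the product,
    so gross interest >= k exactly when rate*debt*elapsed >= k * BPS * YEAR.
    Fees are non-zero once gross interest reaches ceil(BPS / lender_fee_bps).
    """
    k = 1 if want == "interest" else ceil_div(BPS, lender_fee_bps)
    return ceil_div(k * BPS * YEAR, rate_bps * debt)


if __name__ == "__main__":
    rate, fee = 1000, 1000          # constructed: 10% rate, 10% lender fee
    # The page's example: a numerator of 30000 truncates to zero.
    print("numerator 30000:", calculate_interest(rate, 30, 1, fee))
    for debt in (1_000, 10**8):     # constructed debt sizes in token units
        t_int = min_elapsed_for(rate, debt, fee)
        t_fee = min_elapsed_for(rate, debt, fee, "fees")
        print(f"debt={debt}: interest > 0 after {t_int}s, fees > 0 after {t_fee}s")
        print("  just before fee threshold:",
              calculate_interest(rate, debt, t_fee - 1, fee))
        print("  at fee threshold:        ",
              calculate_interest(rate, debt, t_fee, fee))
```

Repayments that land before the printed thresholds accrue interest or fees of zero, which is the window a reviewer would compare against the protocol's minimum loan size and duration.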

Tools Used

Manual

Recommendations

Change the interest formula like this:

    interest = (l.interestRate * l.debt * timeElapsed) / (10000 / 365 days);

With this, the whole value is divided by the result of (10000 / 365 days), which gives the right interest and the right fees.
