Fees could get truncated due to unnecessary precision loss
Summary
The _calculateInterest() function of the Lender.sol contract can lead to inaccuracies in calculating the accrued fees on a loan. This is due to the fact that while calculating the accrued fees, not enough measures are taken to ensure that maximum precision is kept.
Vulnerability Details
Take a look at the _calculateInterest()
The function currently calculates the accrued interest on a loan as follows:
It then computes the accrued fees based on the calculated interest:
The precision loss occurs when the fees is calculated due to the "division operation" before multiplication, which can lead to a loss of accuracy.
Do note that that the fees could alternatively be calculated as this
Essentially putting all multiplications before the divisions.
Impact
Inaccurate accrued fees could be registered, which is not best for beedle
Tools Used
Manual Audit
Recommend Mitigation
Modify the computation to perform multiplication operations before division. This can be achieved by directly calculating fees using l.interestRate, l.debt, timeElapsed, and lenderFee. Here's the idea of the suggested change:
Additional Notes
There are multiple instances of the call to _calculateInterest() around 5 in the Lender.sol contract, which just exarcebates the issue and shows how little instances of the precision loss could sum up to a significant brick.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.