The smart contract function `borrow` allows users to borrow loans from a pool. However, there is a vulnerability in the calculation of the `loanRatio`, which is crucial for validating the loan-to-collateral ratio. Due to improper arithmetic operations, the calculated `loanRatio` may be rounded down to the nearest integer, resulting in potential inaccuracies and misrepresentations of the actual loan-to-collateral ratio.
In the `borrow` function, the loan ratio (`loanRatio`) is calculated as follows:
The issue lies in the use of integer division in Solidity, where any fractional part of the result is truncated, leading to inaccurate `loanRatio` values. This calculation is crucial for ensuring that the loan-to-collateral ratio falls within acceptable limits and helps avoid excessive risk for both the borrower and the lender.
The incorrect calculation of the loan ratio can have several implications. For example, it may allow borrowers to take loans that exceed the permitted loan-to-collateral ratio, leading to higher risks for the lender. Conversely, it might prevent eligible borrowers from accessing loans within the intended limits, limiting the efficiency of the lending platform.
Manual
Use a reliable fixed-point arithmetic library, such as OpenZeppelin's SafeMath, which provides safe multiplication and division functions for `uint256` variables.
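The truncation described above, modelled in Python as an added example (not code from the audited contract): Python's `//` on non-negative integers behaves like Solidity's `uint256` division, so the script compares a truncating ratio check with a round-up check and a division-free cross-multiplication check. The function names, the 18-decimal `SCALE`, the `debt * scale / collateral` form of the ratio and all sample amounts are assumptions constructed for illustration.

```python
SCALE = 10**18  # assumed 18-decimal fixed-point scale; the page does not state one


def ratio_floor(debt, collateral, scale=SCALE):
    """Solidity-style uint256 division: the fractional part is discarded."""
    return (debt * scale) // collateral


def ratio_ceil(debt, collateral, scale=SCALE):
    """Round up instead, so any rounding error favours the lender."""
    return (debt * scale + collateral - 1) // collateral


def accepts_floor(debt, collateral, max_ratio, scale=SCALE):
    return ratio_floor(debt, collateral, scale) <= max_ratio


def accepts_ceil(debt, collateral, max_ratio, scale=SCALE):
    return ratio_ceil(debt, collateral, scale) <= max_ratio


def accepts_exact(debt, collateral, max_ratio, scale=SCALE):
    """Cross-multiply: debt/collateral <= max_ratio/scale without dividing."""
    return debt * scale <= max_ratio * collateral


def excess_debt(collateral, max_ratio, scale=SCALE):
    """Debt units the truncating check admits beyond the exact limit."""
    largest_floor = ((max_ratio + 1) * collateral - 1) // scale
    largest_exact = (max_ratio * collateral) // scale
    return largest_floor - largest_exact


if __name__ == "__main__":
    # Constructed cases: (debt, collateral, max_ratio, scale)
    cases = [
        (199, 100, 1, 1),                             # unscaled division, limit 1.0
        (6 * 10**18 + 1, 3 * 10**18, 2 * 10**18, SCALE),  # scaled, limit 2.0
    ]
    for debt, coll, limit, scale in cases:
        print(
            f"debt={debt} collateral={coll} "
            f"floor_ok={accepts_floor(debt, coll, limit, scale)} "
            f"ceil_ok={accepts_ceil(debt, coll, limit, scale)} "
            f"exact_ok={accepts_exact(debt, coll, limit, scale)} "
            f"excess={excess_debt(coll, limit, scale)}"
        )
```

With a scale factor the admitted excess is small but non-zero; without one, the entire fractional part of the ratio is lost, which is the case that lets a loan well above the limit through.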