Submission Details
Severity: low
Valid

Borrowing loan with small amounts of debt tokens can lead to underflowing in the `borrow` function / Precision Loss

Summary

As we know, division in Solidity rounds down, and to minimize precision loss we should always multiply before dividing. Yet even then some precision loss can occur, especially when dealing with small numbers, and rounding down to zero can be a source of major errors if not handled correctly.

Vulnerability Details

The fee calculation in the Lender.sol#borrow() function rounds down to zero if the debt or borrowerFee amount is small enough. So, if the fee is 0, this allows iteratively borrowing a loan without paying any fee.
Also, once the fees are calculated, they are transferred to feeReceiver. However, many ERC20 tokens revert on zero-value transfers.

The same kind of problem exists in the calculation of govFee in Lender.sol#seizeLoan().

```solidity
uint256 fees = (debt * borrowerFee) / 10000;
uint256 govFee = (borrowerFee * loan.collateral) / 10000;
```

Impact

The Lender.sol#borrow() function can revert due to underflowing the fees calculation if borrow() is (iteratively) called with small amounts of debt tokens (or if borrowerFee is very small).

The Lender.sol#seizeLoan() function can revert due to underflowing the fees calculation if seizeLoan() is (iteratively) called with loans that have small amounts of loan.collateral tokens (or if borrowerFee is very small).

Tools Used

Manual Review

Recommendations

  • Consider preventing the loan from being borrowed if the amount of debt or borrowerFee tokens is too small (i.e., fees == 0).

  • Consider preventing the loan from being seized if the amount of collateral or borrowerFee tokens is too small (i.e., govFee == 0).
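
The following is an added example, not code from Lender.sol or from the original submission: a Python model of the two fee formulas that computes the amount below which the fee truncates to zero and applies the `fees == 0` guard from the recommendations. The function names and the sample fee of 50 basis points are assumptions; amounts are in the token's smallest unit.

```python
"""Integer model of (amount * feeBps) / 10000 as quoted in the finding."""

BPS = 10_000  # denominator used in both fee formulas on the page


def fee(amount: int, fee_bps: int) -> int:
    """Truncating division, matching Solidity for unsigned values."""
    return (amount * fee_bps) // BPS


def min_amount_for_fee(fee_bps: int) -> int:
    """Smallest amount whose fee is non-zero: ceil(BPS / fee_bps)."""
    if fee_bps <= 0:
        raise ValueError("fee_bps must be positive")
    return -(-BPS // fee_bps)


def fees_when_split(total: int, chunk: int, fee_bps: int) -> int:
    """Fee collected when `total` is processed in pieces of size `chunk`."""
    if chunk <= 0:
        raise ValueError("chunk must be positive")
    full, rest = divmod(total, chunk)
    return full * fee(chunk, fee_bps) + fee(rest, fee_bps)


def checked_fee(amount: int, fee_bps: int) -> int:
    """Recommended guard: reject any amount whose fee would be zero."""
    f = fee(amount, fee_bps)
    if f == 0:
        raise ValueError(f"amount below minimum {min_amount_for_fee(fee_bps)}")
    return f


if __name__ == "__main__":
    bps = 50  # constructed sample value: 0.5% borrower fee
    floor = min_amount_for_fee(bps)
    print("minimum amount with non-zero fee:", floor)
    print("fee on one loan of 1_000_000:", fee(1_000_000, bps))
    print("fee on same total in chunks of", floor - 1, ":",
          fees_when_split(1_000_000, floor - 1, bps))
    try:
        checked_fee(floor - 1, bps)
    except ValueError as exc:
        print("guard rejected dust amount:", exc)
```

The same minimum applies to `loan.collateral` in the govFee formula, since both share the 10000 denominator.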
