20,000 USDC
Submission Details
Severity: low
Valid

Incorrect Interest Calculation in _calculateInterest Function

Summary

The _calculateInterest function in the smart contract is designed to calculate the interest and fees accrued on a loan based on the loan details and the time elapsed since the loan was initiated. However, there is a flaw in the interest calculation that affects the accuracy of the computed interest.

Vulnerability Details

The _calculateInterest function performs interest calculations incorrectly due to the order of operations in the expression. The relevant code snippet for the function is as follows:

function _calculateInterest(Loan memory l) internal view returns (uint256 interest, uint256 fees) {
    uint256 timeElapsed = block.timestamp - l.startTimestamp;
    interest = (l.interestRate * l.debt * timeElapsed) / 10000 / 365 days;
    fees = (lenderFee * interest) / 10000;
    interest -= fees;
}

The issue lies in the interest calculation line:

interest = (l.interestRate * l.debt * timeElapsed) / 10000 / 365 days;

The calculation is divided by 365 days at the end, which results in an incorrect computation of daily interest. This approach treats the interest as a simple daily interest rather than compounding it over time.

Impact

The incorrect interest calculation can lead to borrowers being charged inaccurate interest amounts on their loans. This could result in financial losses for both borrowers and lenders, affecting the overall fairness and stability of the lending platform. Additionally, if this incorrect interest calculation propagates to other parts of the contract or is used for further calculations, it may lead to cascading inaccuracies throughout the system.

Tools Used

Manual

Recommendations

interest = (l.interestRate * l.debt * timeElapsed) / (10000 * 365 days);
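
The expression from _calculateInterest and the one recommended above, evaluated side by side in Python, whose `//` on non-negative integers truncates like Solidity's uint256 division (overflow is not modelled). This is an added example, not code from the contract or from this submission; the sample loans, the function names and the daily-compounding model used for contrast are assumptions.

```python
YEAR = 365 * 24 * 60 * 60   # Solidity's `365 days`, in seconds
BPS = 10_000                # basis-point denominator used by the contract


def interest_original(rate_bps, debt, elapsed):
    # Expression from _calculateInterest: two successive truncating divisions.
    return (rate_bps * debt * elapsed) // BPS // YEAR


def interest_recommended(rate_bps, debt, elapsed):
    # Expression from the Recommendations section: one combined divisor.
    return (rate_bps * debt * elapsed) // (BPS * YEAR)


def split_fees(interest, lender_fee_bps):
    # Mirrors the last two lines of _calculateInterest (lenderFee in bps).
    fees = (lender_fee_bps * interest) // BPS
    return interest - fees, fees


def interest_daily_compound(rate_bps, debt, elapsed):
    # Assumed compounding model for contrast (not in the contract):
    # accrued interest is added to the balance once per full day.
    balance = debt
    for _ in range(elapsed // 86_400):
        balance += (balance * rate_bps * 86_400) // (BPS * YEAR)
    return balance - debt


# Constructed sample loans: (interestRate in bps, debt in wei, seconds elapsed)
SAMPLES = [
    (500, 1_000 * 10**18, 30 * 86_400),
    (1_000, 1, 3_600),
    (1, 999_999, 12_345),
    (10_000, 10**6, YEAR),
]


def max_difference(samples=SAMPLES):
    # For non-negative integers floor(floor(x / a) / b) == floor(x / (a * b)),
    # so the gap between the two expressions is 0 for every input.
    return max(abs(interest_original(*s) - interest_recommended(*s)) for s in samples)


if __name__ == "__main__":
    for s in SAMPLES:
        a, b = interest_original(*s), interest_recommended(*s)
        print(s, a, b, interest_daily_compound(*s), split_fees(a, 1_000))
    print("max difference:", max_difference())
```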
