Submission Details
Severity:
The balance of the new pool is deducted twice.
Summary
There is an accounting error where the balance of the new pool has been deducted twice.
Vulnerability Details
function test_refinance() public {
test_borrow();
vm.startPrank(lender2);
Pool memory p = Pool({
lender: lender2,
loanToken: address(loanToken),
collateralToken: address(collateralToken),
minLoanSize: 100 * 10 ** 18,
poolBalance: 1000 * 10 ** 18,
maxLoanRatio: 2 * 10 ** 18,
auctionLength: 1 days,
interestRate: 1000,
outstandingLoans: 0
});
lender.setPool(p);
vm.startPrank(borrower);
Refinance memory r = Refinance({
loanId: 0,
poolId: keccak256(
abi.encode(
address(lender2),
address(loanToken),
address(collateralToken)
)
),
debt: 100 * 10 ** 18,
collateral: 100 * 10 ** 18
});
Refinance[] memory rs = new Refinance[](1);
rs[0] = r;
lender.refinance(rs);
bytes32 newPoolId = keccak256(
abi.encode(
address(lender2),
address(loanToken),
address(collateralToken)
)
);
(, , , , uint256 poolBalance, , , , uint256 outstandingLoans) = lender
.pools(newPoolId);
console.log(
"pool's balance before refinancing: ",
p.poolBalance / 10 ** 18
);
console.log(
"pool's balance after refinancing: ",
poolBalance / 10 ** 18
);
console.log(
"pool's outstanding loans after refinancing: ",
outstandingLoans / 10 ** 18
);
// This assertion failed.
assertEq(
p.poolBalance,
poolBalance + outstandingLoans,
"pool's balance after refinancing plus the outstanding loans should be equal to the pool's balance before refinancing since no interest is accured yet."
);
}
Impact
Lenders will lost funds.
Tools Used
None
Recommendations
Delete L698.
Prize pool breakdown
Total prize
20,000 USDC
nSLOC
70628 USDC / LOC
18,000 USDC
2,000 USDC
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.