20,000 USDC
Submission Details
Severity: low
Valid

Potential rounding error when computing interest

Summary

Tokens with decimals under a certain threshold can lead to a loss of funds due to rounding errors in the _calculateInterest function.

Vulnerability Details

The _calculateInterest function in the Lender contract calculates the interest for a loan and the fees associated with it. The function is defined as follows:

    function _calculateInterest(Loan memory l) internal view returns (uint256 interest, uint256 fees) {
        uint256 timeElapsed = block.timestamp - l.startTimestamp;
        interest = (l.interestRate * l.debt * timeElapsed) / 10000 / 365 days;
        fees = (lenderFee * interest) / 10000;
        interest -= fees;
    }

If the debt token has a small number of decimals, the calculated interest and fees can be rounded down to zero.

Consider the following example:

  • Interest Rate = 1000

  • Debt = 10 * 10^2 (1000)

  • Time Elapsed = 1 hour (3600 seconds)

  • Lender Fee = 1000

The computation is as follows:

  • Interest = (1000 * 1000 * 3600) / (10000 * 86400) = 4.166666666666667 (will be rounded down to 4 in Solidity)

  • Fees = (1000 * 4.166666666666667) / 10000 = 0.4166666666666667 (will be rounded down to 0 in Solidity)
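
An added example, not part of the original submission or the audited code base: a Python model of _calculateInterest using integer floor division, which matches Solidity's truncating uint256 division. It evaluates the inputs above with the function's `365 days` divisor and with the 86400 divisor written in the computation above, then finds how long a loan of 10 tokens accrues zero fees for 2, 6 and 18 decimals. The function names, the `period` parameter and the 6- and 18-decimal cases are assumptions of this example.

```python
BPS = 10_000                 # basis-point denominator used by the contract
YEAR = 365 * 24 * 60 * 60    # Solidity's `365 days`, in seconds

def calculate_interest(rate_bps, debt, elapsed, lender_fee_bps, period=YEAR):
    """Integer model of _calculateInterest; returns (interest, fees)."""
    gross = rate_bps * debt * elapsed // BPS // period  # `//` truncates like uint256 `/`
    fees = lender_fee_bps * gross // BPS
    return gross - fees, fees

def first_fee_bearing_second(rate_bps, debt, lender_fee_bps):
    """Smallest elapsed time (seconds) at which fees stop rounding to zero."""
    if 0 in (rate_bps, debt, lender_fee_bps):
        raise ValueError("fees are always zero for a zero rate, debt or fee")
    hi = 1
    while calculate_interest(rate_bps, debt, hi, lender_fee_bps)[1] == 0:
        hi *= 2                      # fees never decrease with time, so double until non-zero
    lo = hi // 2                     # fees are still zero here
    while lo + 1 < hi:               # binary search for the boundary
        mid = (lo + hi) // 2
        if calculate_interest(rate_bps, debt, mid, lender_fee_bps)[1] == 0:
            lo = mid
        else:
            hi = mid
    return hi

def zero_fee_window(decimals, whole_tokens=10, rate_bps=1000, lender_fee_bps=1000):
    """Threshold for a loan of `whole_tokens` in a token with `decimals` decimals."""
    return first_fee_bearing_second(rate_bps, whole_tokens * 10**decimals, lender_fee_bps)

if __name__ == "__main__":
    print("page inputs, 365-day divisor:", calculate_interest(1000, 1000, 3600, 1000))
    print("page inputs, 86400 divisor:  ", calculate_interest(1000, 1000, 3600, 1000, period=86_400))
    for d in (2, 6, 18):             # constructed decimals values for comparison
        print(f"{d:>2} decimals: first non-zero fee after {zero_fee_window(d)} s")
```

With the rate and lender fee from the example, a 10-token loan in a 2-decimal token accrues no fee until 3,153,600 seconds (36.5 days) have elapsed, while an 18-decimal token accrues a fee from the first second.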

Impact

Impact: High. The protocol could lose funds on fees, which could be exploited by malicious actors.

Likelihood: Low. This issue could occur whenever a loan is created using a token with a small number of decimals.

Tools Used

Manual analysis

Recommendations

One possible solution is to scale the number of decimals in the calculation depending on the token's decimals before performing the division. After the division, the result can be scaled down to the correct number of decimals.
