Severity: high

Debt-to-Collateral Check Vulnerability in borrow Function

Summary

The borrow function in Lender.sol allows borrowers to open loan positions with more debt than the amount of collateral they provide. It does not check whether the requested debt exceeds the collateral amount, potentially leading to under-collateralized positions. This issue can expose the lending pool to higher risks due to market volatility and may result in losses for both lenders and the protocol.

Vulnerability Details

In the borrow function, there is a check to ensure that the loanRatio (debt to collateral ratio) does not exceed the maximum allowed loan ratio specified in the pool. However, there is no validation to ensure that the requested debt amount (debt) is not greater than the provided collateral amount (collateral).

Impact

This vulnerability allows borrowers to open loan positions that have more debt than the amount of collateral they provide. Consequently, the lending pool becomes susceptible to higher risk, as under-collateralized positions pose a significant threat during periods of market volatility. In such scenarios, if the collateral's value drops substantially, the pool may not be able to recover the full outstanding debt, resulting in losses for the lenders and potential disruptions to the platform's stability.

Tools Used

Manual Review

Recommendations

Add a validation check in the borrow function to ensure that the requested debt (debt) does not exceed the provided collateral (collateral). If the debt exceeds the collateral, revert the transaction and prevent the loan from being created.
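
The recommended check placed next to the existing ratio check, as an added sketch that is not the audited Lender.sol code. The contract name, error names, the 1e18 ratio scale and the single-pool layout are assumptions; only borrow's debt, collateral, loanRatio and the pool's maximum loan ratio come from the finding.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added illustration, not the audited contract. Names are hypothetical.
contract BorrowCheckSketch {
    error ZeroCollateral();
    error RatioTooHigh();
    error DebtExceedsCollateral();

    // Assumed fixed-point scale for the debt-to-collateral ratio.
    uint256 private constant SCALE = 1e18;

    // Maximum loan ratio configured for the pool, scaled by SCALE (assumed).
    uint256 public immutable maxLoanRatio;

    constructor(uint256 maxLoanRatio_) {
        maxLoanRatio = maxLoanRatio_;
    }

    // Reverts unless the requested position passes both checks;
    // returns the computed ratio so callers and tests can inspect it.
    function validateBorrow(uint256 debt, uint256 collateral)
        public
        view
        returns (uint256 loanRatio)
    {
        // Guard the division below.
        if (collateral == 0) revert ZeroCollateral();

        // Existing check described in the finding: ratio against the pool cap.
        loanRatio = (debt * SCALE) / collateral;
        if (loanRatio > maxLoanRatio) revert RatioTooHigh();

        // Recommended check: requested debt must not exceed provided collateral.
        // Assumes both amounts are expressed in comparable units
        // (same token decimals and value basis).
        if (debt > collateral) revert DebtExceedsCollateral();
    }
}
```

Under these assumptions, a pool deployed with maxLoanRatio = 2e18 accepts debt = 150 and collateral = 100 on the ratio check alone (loanRatio = 1.5e18), and the added comparison is what reverts it.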
