Submission Details
Severity:
When a loan is seized, `borrowerFee` is paid for the 2nd time.
Summary
When a loan is seized, borrowerFee is paid for the 2nd time.
Vulnerability Details
When taking out a borrow, borrowerFee is taken
uint256 fees = (debt * borrowerFee) / 10000;
// transfer fees
IERC20(loan.loanToken).transfer(feeReceiver, fees);
However, when seizing the loan, borrowerFee is taken once again for no reason.
uint256 govFee = (borrowerFee * loan.collateral) / 10000;
// transfer the protocol fee to governance
IERC20(loan.collateralToken).transfer(feeReceiver, govFee);
Impact
Fee is taken twice
Tools Used
Manual review
Recommendations
Do not take borrowerFee when seizing a loan.
Prize pool breakdown
Total prize
20,000 USDC
nSLOC
70628
USDC / LOC
18,000 USDC
2,000 USDC
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.