Equations to calculate collateralization ratio are incorrect, resulting in invalid results
Summary
A lot of important functionality relies on the accurate calculation of the collateralization ratio for a short record. However, the getCollateralRatioSpotPrice and getCollateralRatio functions do not correctly implement the equation for calculating the collateralization ratio, which can lead to major issues throughout the protocol. Some places where this messes up logic are in checking a record's flag, or when calculating DITTO rewards.
Vulnerability Details
Consider the implementation for the getCollateralRatio function:
(1) short.collateral is denoted in ETH (2) short.ercDebt is denoted in Asset (3) LibOracle.getPrice(asset) returns Asset/ETH. This means this equation can we re-written (in terms of units) as ETH / (Asset * Asset / ETH) = ETH^2 / Asset^2. This is not the correct collateralization ratio.
Impact
The functions to calculate the collateralization ratio for short records are implemented correctly, which breaks a bunch of logic including calculating whether a record is liquidatable / DITTO rewards.
Tools Used
Manual review
Recommendations
In the above equation, the oracle price should be inverted so that it's (in pseudo-code): collateral_eth / (debt_asset * ETH/Asset).
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.