Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: high
Valid

User is able to borrow more than their collateral value in LendingPool.borrow

Summary

LendingPool.borrow checks the collateralization ratio against too low a bound; the ratio should be higher than 100% (at least). The current implementation lets a user take a loan worth more than their collateral.

Vulnerability Details

    function borrow(uint256 amount) external nonReentrant whenNotPaused onlyValidAmount(amount) {
        ...
        uint256 userTotalDebt = user.scaledDebtBalance.rayMul(reserve.usageIndex) + amount;
        // Ensure the user has enough collateral to cover the new debt
        if (collateralValue < userTotalDebt.percentMul(liquidationThreshold)) {
            revert NotEnoughCollateralToBorrow();
        }
        ...
    }

The borrow function lets a user take a loan, and it reverts only when:

    collateralValue < userTotalDebt.percentMul(liquidationThreshold)

i.e. it reverts only when collateralValue x 10000/8000 < userTotalDebt.

This means a user is able to get a loan of up to collateralValue x 10 / 8, which is more than the user's collateral value. This causes protocol insolvency. The same issue occurs here as well.
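
The arithmetic above can be checked with a small model. This is an added example, not the protocol's code: percentMul is assumed to be basis-point multiplication with half-up rounding, the 8000 threshold is the value implied by the 10000/8000 figure above, and the corrected form (threshold applied to the collateral side) is one way to write the intended check.

```javascript
// Added model of the borrow check using BigInt; not the protocol's code.
const PERCENTAGE_FACTOR = 10000n;            // basis points (assumed)
const HALF_PERCENT = PERCENTAGE_FACTOR / 2n; // half-up rounding (assumed)
const LIQUIDATION_THRESHOLD = 8000n;         // 80%, implied by the report

// Assumed percentMul: value * bps / 10000, rounded half up.
function percentMul(value, bps) {
  return (value * bps + HALF_PERCENT) / PERCENTAGE_FACTOR;
}

// Check as reported: reverts only when collateral < debt * 0.8.
function reportedCheckAllows(collateralValue, userTotalDebt) {
  return !(collateralValue < percentMul(userTotalDebt, LIQUIDATION_THRESHOLD));
}

// Threshold moved to the collateral side: reverts when collateral * 0.8 < debt.
function correctedCheckAllows(collateralValue, userTotalDebt) {
  return !(percentMul(collateralValue, LIQUIDATION_THRESHOLD) < userTotalDebt);
}

// Largest total debt a check accepts for the given collateral.
// Binary search is valid because both checks are monotone in the debt.
function maxDebt(allows, collateralValue) {
  let lo = 0n;
  let hi = collateralValue * 4n;
  while (lo < hi) {
    const mid = (lo + hi + 1n) / 2n;
    if (allows(collateralValue, mid)) lo = mid;
    else hi = mid - 1n;
  }
  return lo;
}

// Constructed sample: collateral worth 100,000 units at 18 decimals.
const UNIT = 10n ** 18n;
const SAMPLE_COLLATERAL = 100000n * UNIT;

function summarize(collateralValue) {
  return {
    reported: maxDebt(reportedCheckAllows, collateralValue),
    corrected: maxDebt(correctedCheckAllows, collateralValue),
  };
}

const result = summarize(SAMPLE_COLLATERAL);
console.log("max debt, reported check :", result.reported / UNIT);
console.log("max debt, corrected check:", result.corrected / UNIT);
```

With the reported check the sample position can carry debt equal to 125% of its collateral; with the threshold on the collateral side the cap is 80%.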

Impact

Incorrect comparison of the collateral ratio (CR) causes protocol insolvency.

Tools Used

Manual Review

Recommendations

Collateralization Ratio (CR) should be more than 100%, ideally 150% or 120%, to ensure safe liquidation operations.

Updates

Lead Judging Commences

inallhonesty Lead Judge about 2 months ago
Submission Judgement Published
Validated
Assigned finding tags:

LendingPool::borrow as well as withdrawNFT() reverses collateralization check, comparing collateral < debt*0.8 instead of collateral*0.8 > debt, allowing 125% borrowing vs intended 80%
