Submission Details
Severity:
Incorrect Division on Ray Values Leads to Precision Issues in `LendingPool::calculateHealthFactor`.
Vulnerability Details
Throughout the protocol, any arithmetic on RAY and WAD precision values are handled by using functions from
WadRayMath.sol for efficiently handling the fixed-point math intricacies of ray values.
function calculateHealthFactor(address userAddress) public view returns (uint256) {
uint256 collateralValue = getUserCollateralValue(userAddress);
uint256 userDebt = getUserDebt(userAddress); // @ RAY precision
if (userDebt < 1) return type(uint256).max;
uint256 collateralThreshold = collateralValue.percentMul(liquidationThreshold);
@> return (collateralThreshold * 1e18) / userDebt; // @ audit No rayDiv?
}
However, the LendingPool::calculateHealthFactor implementation uses simple division operator (/) instead of the dedicated rayDiv
function from the WadRayMath library resulting in systematic inconsistencies, and precision loss.
Tools Used
Manual Review
Recommendations
Replace the use of the simple division operator for ray values with the rayDiv function from WadRayMath.
- return (collateralThreshold * 1e18) / userDebt;
+ uint256 rayVal = (collateralThreshold * 1e18);
+ return rayVal.rayDiv(userDebt);
Updates
Prize pool breakdown
Total prize
77,280 USDC
nSLOC
3,86420 USDC / LOC
74,000
3,280
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.