Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: low
Invalid

crvUSD Depositors Cannot Borrow Against Their Collateral Due to Incomplete getUserCollateralValue() Calculation

Summary

The function getUserCollateralValue() is currently designed to iterate over a user’s deposited NFT token IDs and sum up their individual values. This means that any collateral provided as crvUSD deposits (or the associated RToken balance that represents those deposits) is not being taken into account when determining the total collateral value of the user. As a result, users who have deposited crvUSD cannot have that value used as collateral for borrowing, limiting their borrowing capacity despite having sufficient collateral.

Vulnerability Details

    function getUserCollateralValue(address userAddress) public view returns (uint256) {
        UserData storage user = userData[userAddress];
        uint256 totalValue = 0;
        // Only the user's deposited NFTs are summed; the RToken balance
        // that represents crvUSD deposits is never read here.
        for (uint256 i = 0; i < user.nftTokenIds.length; i++) {
            uint256 tokenId = user.nftTokenIds[i];
            uint256 price = getNFTPrice(tokenId);
            totalValue += price;
        }
        return totalValue;
    }

Impact

Collateral Underestimation:
Depositors who use crvUSD as collateral have their RToken balance (which should reflect their deposited crvUSD) ignored by the collateral calculation.
Borrowing Restrictions:
Since the protocol relies on getUserCollateralValue() to assess a user’s borrowing capacity, crvUSD depositors are effectively unable to borrow against the value they deposited. This could lead to user frustration and reduce the protocol’s overall utility by not allowing users to leverage all of their assets.
Potential Liquidity and Adoption Issues:
If a significant number of users are affected, it could negatively impact protocol usage and liquidity, as users will be unable to fully utilize their deposited assets as collateral.

Tools Used

Manual Review

Recommendations

A) Enhance Collateral Calculation:
Modify the getUserCollateralValue() function so that it not only sums the value of deposited NFTs but also includes the value of crvUSD deposits. This can be achieved by:

1) Querying the RToken balance associated with the user’s crvUSD deposit.
2) Converting that RToken balance to its crvUSD value (using an appropriate exchange rate or pricing oracle).
3) Adding this value to the collateral total along with the NFT values.

By doing so, the protocol will accurately reflect a depositor's total collateral, allowing them to borrow against both their NFT deposits and crvUSD deposits.
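
The recommendation above, written out as an added Solidity sketch; it is not code from the audited contracts or from the submitter. IDepositToken, INFTPricer, exchangeRate(), recordNFT() and the contract name are hypothetical. It assumes NFT prices and crvUSD values share 18 decimals and that any balance counted as collateral stays locked while the user has open debt.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Hypothetical interfaces (assumptions for this sketch, not the audited code).
interface IDepositToken {
    function balanceOf(address account) external view returns (uint256);
    // crvUSD per deposit token, scaled by 1e18
    function exchangeRate() external view returns (uint256);
}

interface INFTPricer {
    function getNFTPrice(uint256 tokenId) external view returns (uint256);
}

contract CollateralValueSketch {
    struct UserData { uint256[] nftTokenIds; }

    uint256 private constant WAD = 1e18;
    mapping(address => UserData) private userData;
    IDepositToken public immutable depositToken;
    INFTPricer public immutable pricer;

    constructor(IDepositToken depositToken_, INFTPricer pricer_) {
        depositToken = depositToken_;
        pricer = pricer_;
    }

    // Hypothetical helper so the sketch can be exercised in a test.
    function recordNFT(uint256 tokenId) external {
        userData[msg.sender].nftTokenIds.push(tokenId);
    }

    // Calculation as shown in the finding: NFT prices only.
    function nftCollateralValue(address userAddress) public view returns (uint256 totalValue) {
        uint256[] storage ids = userData[userAddress].nftTokenIds;
        for (uint256 i = 0; i < ids.length; i++) {
            totalValue += pricer.getNFTPrice(ids[i]);
        }
    }

    // Recommended variant: query, convert, add.
    // Assumes the counted balance is locked while debt is open; a freely
    // transferable balance could be moved out after borrowing against it.
    function collateralValueWithDeposits(address userAddress) external view returns (uint256) {
        uint256 depositBalance = depositToken.balanceOf(userAddress); // query
        uint256 depositValue = (depositBalance * depositToken.exchangeRate()) / WAD; // convert
        return nftCollateralValue(userAddress) + depositValue; // add
    }
}
```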

Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Design choice
