Core Contracts

Regnum Aurum Acquisition Corp
Tags: Hardhat, Real World Assets, NFT
Prize pool: 77,280 USDC
Submission Details
Severity: high
Status: Valid

user can borrow more than expected

Author: Revealed upon completion

Summary

Due to incorrect calculations during the loan process, users can borrow more than their available collateral.

// Liquidation parameters
uint256 public constant BASE_LIQUIDATION_THRESHOLD = 80 * 1e2; // 80% in basis points (8000 bps out of 10000)

// Initialize liquidation parameters
liquidationThreshold = BASE_LIQUIDATION_THRESHOLD;

// Ensure the user has enough collateral to cover the new debt
// BUG: the threshold is applied to the debt, not the collateral, so the
// comparison is inverted (collateral < 0.8 * debt instead of 0.8 * collateral < debt)
if (collateralValue < userTotalDebt.percentMul(liquidationThreshold)) {
    revert NotEnoughCollateralToBorrow();
}

The check only reverts when collateralValue is less than a percentage of userTotalDebt, the percentage being liquidationThreshold.

Because liquidationThreshold is 80%, the check merely validates that the collateral is at least 80% of the total debt, rather than that the debt stays within 80% of the collateral.

For example, user A deposits 1 ETH as collateral and is allowed to borrow up to 1.2 ETH.

This means the user can borrow 20% more than their collateral is worth, and an attacker who repeats this could drain all of the pool's assets.

Recommended mitigation steps

// Ensure the user has enough collateral to cover the new debt
// FIX: apply the threshold to the collateral, so debt may not exceed 80% of collateral value
if (collateralValue.percentMul(liquidationThreshold) < userTotalDebt) {
    revert NotEnoughCollateralToBorrow();
}

The check should be changed as above so that the transaction reverts whenever the threshold percentage of the collateral value is less than the total debt.
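To make the inverted comparison concrete, the following added example (not the project's code) models both the original check and the recommended check from this finding in Python, using the 8000 bps threshold shown above. It assumes percentMul has Aave-style PercentageMath semantics (a 1e4 factor with half-up rounding); the project's exact rounding may differ, but the comparison direction, which is the point of the finding, does not depend on it. It goes slightly beyond the 1 ETH / 1.2 ETH case in the text by searching for the largest debt each check still allows, which recovers the 125% figure in the judge's tag.

```python
# Added example, not from the LendingPool code base: models the collateralization
# check in borrow() before and after the fix described in the finding.
# ASSUMPTION: percentMul behaves like Aave's PercentageMath (1e4 factor, half-up rounding).

PERCENTAGE_FACTOR = 10_000                   # 100% expressed in basis points
HALF_PERCENT = PERCENTAGE_FACTOR // 2        # used for half-up rounding
BASE_LIQUIDATION_THRESHOLD = 80 * 100        # 8000 bps = 80%, as on the page
WAD = 10**18                                 # 1 ETH in wei


def percent_mul(value: int, bps: int) -> int:
    """value * bps / 1e4, rounded half up (assumed Aave-style semantics)."""
    return (value * bps + HALF_PERCENT) // PERCENTAGE_FACTOR


def vulnerable_check(collateral_value: int, user_total_debt: int,
                     threshold: int = BASE_LIQUIDATION_THRESHOLD) -> bool:
    """Original check: returns True (borrow allowed) unless collateral < 80% of debt."""
    return not (collateral_value < percent_mul(user_total_debt, threshold))


def fixed_check(collateral_value: int, user_total_debt: int,
                threshold: int = BASE_LIQUIDATION_THRESHOLD) -> bool:
    """Recommended check: returns True (borrow allowed) unless 80% of collateral < debt."""
    return not (percent_mul(collateral_value, threshold) < user_total_debt)


def max_borrowable(collateral_value: int, check,
                   threshold: int = BASE_LIQUIDATION_THRESHOLD) -> int:
    """Largest debt the given check still allows for this collateral.

    Both checks are monotone in the debt (allowed for small debts, rejected for
    large ones), so a binary search over [0, 2 * collateral] finds the boundary.
    """
    lo, hi = 0, collateral_value * 2
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if check(collateral_value, mid, threshold):
            lo = mid
        else:
            hi = mid - 1
    return lo


if __name__ == "__main__":
    # Constructed scenario from the finding: 1 ETH of collateral, various debts.
    collateral = WAD
    for debt_eth in ("0.8", "1.0", "1.2", "1.25", "1.26"):
        debt = int(float(debt_eth) * WAD)
        print(f"debt {debt_eth:>5} ETH: vulnerable allows={vulnerable_check(collateral, debt)} "
              f"fixed allows={fixed_check(collateral, debt)}")
    print("max debt, vulnerable check:", max_borrowable(collateral, vulnerable_check) / WAD, "ETH")
    print("max debt, fixed check:     ", max_borrowable(collateral, fixed_check) / WAD, "ETH")
```

Running it shows the vulnerable check approving a 1.2 ETH borrow against 1 ETH of collateral and only rejecting once the debt exceeds 1.25 ETH (collateral / 0.8), while the recommended check caps the debt at 0.8 ETH.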

Updates

Lead Judging Commences

inallhonesty Lead Judge 8 days ago
Submission Judgement Published
Validated
Assigned finding tags:

LendingPool::borrow as well as withdrawNFT() reverses collateralization check, comparing collateral < debt*0.8 instead of collateral*0.8 > debt, allowing 125% borrowing vs intended 80%
