Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: high
Valid

User can borrow more than expected

Summary

Due to incorrect calculations during the loan process, users can borrow more than their available collateral.

// Liquidation parameters
uint256 public constant BASE_LIQUIDATION_THRESHOLD = 80 * 1e2; // 80% in basis points
// Initialize liquidation parameters
liquidationThreshold = BASE_LIQUIDATION_THRESHOLD;
// Ensure the user has enough collateral to cover the new debt
if (collateralValue < userTotalDebt.percentMul(liquidationThreshold)) {
revert NotEnoughCollateralToBorrow();
}

The check only requires collateralValue to be greater than or equal to a percentage of userTotalDebt, where the percentage is liquidationThreshold.

With liquidationThreshold set to 80%, the check therefore passes as long as the collateral covers 80% of the total debt. The intended constraint is the opposite one: the debt must not exceed 80% of the collateral value.

For example, user A deposits 1 ETH as collateral and is allowed to borrow up to 1.2 ETH.

This means the user can borrow 20% more than the collateral value. Since the position is undercollateralized from the start, the borrower has no incentive to repay, and the excess can be used to drain the pool's assets.

Recommended mitigation steps

// Ensure the user has enough collateral to cover the new debt
if (collateralValue.percentMul(liquidationThreshold) < userTotalDebt) {
revert NotEnoughCollateralToBorrow();
}

The check should be modified as above so that the transaction reverts whenever the liquidation-threshold percentage of the collateral is less than the total debt.
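The following Python model, added here as an illustration and not taken from the RAAC codebase, puts the original check and the corrected check side by side and computes the largest debt each one accepts for a given collateral value. It assumes percentMul follows the common basis-point convention (value * percentage / 10_000 with half-up rounding); the constant names mirror the snippet above, and values are in wei.

```python
# Model of the collateralization check in LendingPool::borrow, before and after the fix.
# percent_mul is an assumed implementation of percentMul (Aave-style PercentageMath);
# the real library's rounding may differ by one wei, which does not change the conclusion.
PERCENTAGE_FACTOR = 10_000          # 100% in basis points
HALF_PERCENT = PERCENTAGE_FACTOR // 2
BASE_LIQUIDATION_THRESHOLD = 80 * 100   # 80% in basis points, as in the contract


def percent_mul(value: int, percentage: int) -> int:
    """value * percentage / 10_000, rounded half up (assumed percentMul semantics)."""
    return (value * percentage + HALF_PERCENT) // PERCENTAGE_FACTOR


def vulnerable_check_passes(collateral: int, debt: int,
                            threshold: int = BASE_LIQUIDATION_THRESHOLD) -> bool:
    """Original check: revert only if collateral < debt * threshold."""
    return not (collateral < percent_mul(debt, threshold))


def fixed_check_passes(collateral: int, debt: int,
                       threshold: int = BASE_LIQUIDATION_THRESHOLD) -> bool:
    """Corrected check: revert if collateral * threshold < debt."""
    return not (percent_mul(collateral, threshold) < debt)


def max_borrow(check, collateral: int,
               threshold: int = BASE_LIQUIDATION_THRESHOLD) -> int:
    """Largest total debt the given check accepts for this collateral.

    Both checks are monotonic in debt (pass for small debt, fail for large),
    so a binary search over [0, 2 * collateral] finds the boundary exactly.
    """
    lo, hi = 0, 2 * collateral  # hi fails for both checks at an 80% threshold
    assert check(collateral, lo, threshold) and not check(collateral, hi, threshold)
    while hi - lo > 1:
        mid = (lo + hi) // 2
        if check(collateral, mid, threshold):
            lo = mid
        else:
            hi = mid
    return lo


def borrow_ratio_bps(check, collateral: int) -> int:
    """Maximum debt as a fraction of collateral, in basis points."""
    return max_borrow(check, collateral) * PERCENTAGE_FACTOR // collateral


if __name__ == "__main__":
    one_eth = 10**18  # constructed sample: 1 ETH of collateral value
    print("vulnerable max borrow:", max_borrow(vulnerable_check_passes, one_eth) / 1e18, "ETH")
    print("fixed max borrow:     ", max_borrow(fixed_check_passes, one_eth) / 1e18, "ETH")
    print("vulnerable ratio:", borrow_ratio_bps(vulnerable_check_passes, one_eth), "bps")
    print("fixed ratio:     ", borrow_ratio_bps(fixed_check_passes, one_eth), "bps")
```

Running the model with 1 ETH of collateral shows the original comparison accepting debt up to 1.25 ETH (the 125% figure in the judge's tag), while the corrected comparison caps debt at 0.8 ETH. The same two functions can be dropped into a unit test around withdrawNFT(), which the judge notes shares the reversed comparison.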

Updates

Lead Judging Commences

inallhonesty Lead Judge 10 months ago
Submission Judgement Published
Validated
Assigned finding tags:

LendingPool::borrow as well as withdrawNFT() reverses collateralization check, comparing collateral < debt*0.8 instead of collateral*0.8 > debt, allowing 125% borrowing vs intended 80%
