Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: medium
Valid

Improper utilization rate calculation

Summary

Improper utilization rate calculation

Vulnerability Details

In the lending pool, the utilization rate is calculated first, and the borrow rate is then derived from it.

The function calculateUtilizationRate computes the utilization rate with the formula totalDebt / (totalDebt + totalLiquidity). When borrowers repay, the entire repaid amount is added to totalLiquidity. Here totalLiquidity means the liquidity currently available in the pool, which includes lenders' assets, lenders' interest and some protocol fees.

The owner can transfer the protocol fee portion out through the transferAccruedDust() function, which lets the owner move funds in the pool that do not belong to the lenders. Note that this amount is not deducted from totalLiquidity when the protocol fee is transferred out of the pool. As a result, totalLiquidity still includes the accrued protocol fees.

After the system has run for a long time, the accrued protocol fees add up to a large amount. Whether or not the owner transfers these protocol fees out, they remain recorded in totalLiquidity. The calculated utilization rate is therefore lower than expected, and lenders may receive less interest.

For example:

  1. Alice deposits 2000 assets in one lending pool.

  2. Bob borrows 1000 assets at timestamp X.

  3. Bob repays 1020 assets at timestamp X + 100 (10 assets of lending interest, 10 assets of protocol fees).

  4. Alice withdraws 2010 assets from the lending pool. Now there are no depositors in the lending pool.

  5. The owner transfers the dust amount (protocol fees), but the current totalLiquidity is not zero.

  6. Alice deposits 2000 assets in this lending pool again.

  7. Bob borrows 1000 assets at timestamp X + 1000. This time, Bob can borrow the assets at a lower borrow interest rate.

  8. As more and more protocol fees accrue in totalLiquidity, the utilization rate calculation result shifts further and further from the expected value.

function calculateUtilizationRate(uint256 totalLiquidity, uint256 totalDebt) internal pure returns (uint256) {
    if (totalLiquidity < 1) {
        return WadRayMath.RAY; // 100% utilization if no liquidity
    }
    uint256 utilizationRate = totalDebt.rayDiv(totalLiquidity + totalDebt).toUint128();
    return utilizationRate;
}
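The scenario above as a runnable accounting model, showing tracked totalLiquidity drifting from the real balance and pulling utilization down. This is an added example, not code from the report or the protocol; PoolModel, the deduct_dust switch (one possible correction) and the half-up rounding in ray_div are assumptions made for illustration.

```python
RAY = 10**27  # 27-decimal fixed point, as WadRayMath.RAY

def ray_div(a, b):
    # Assumption: rayDiv rounds half up; its body is not shown in the report.
    return (a * RAY + b // 2) // b

def utilization(total_liquidity, total_debt):
    # Same formula as calculateUtilizationRate in the report.
    if total_liquidity < 1:
        return RAY
    return ray_div(total_debt, total_liquidity + total_debt)

class PoolModel:
    """Constructed toy ledger: tracked totals beside the real token balance."""
    def __init__(self, deduct_dust):
        self.deduct_dust = deduct_dust  # hypothetical fix switch
        self.total_liquidity = 0        # tracked value fed to the rate model
        self.total_debt = 0
        self.balance = 0                # tokens the pool actually holds

    def _cash(self, delta):
        self.total_liquidity += delta
        self.balance += delta
    def deposit(self, amount):
        self._cash(amount)
    def withdraw(self, amount):
        self._cash(-amount)
    def borrow(self, amount):
        self._cash(-amount)
        self.total_debt += amount
    def repay(self, amount, accrued):
        # Debt grew by `accrued` (interest + fee); the full repayment lands in liquidity.
        self.total_debt += accrued - amount
        self._cash(amount)
    def transfer_accrued_dust(self, amount):
        self.balance -= amount           # tokens leave the pool
        if self.deduct_dust:             # the reported code skips this step
            self.total_liquidity -= amount

def run_scenario(deduct_dust):
    pool = PoolModel(deduct_dust)
    pool.deposit(2000)               # 1. Alice deposits
    pool.borrow(1000)                # 2. Bob borrows
    pool.repay(1020, accrued=20)     # 3. 10 interest + 10 protocol fee
    pool.withdraw(2010)              # 4. Alice exits
    pool.transfer_accrued_dust(10)   # 5. owner takes the fee
    pool.deposit(2000)               # 6. Alice deposits again
    pool.borrow(1000)                # 7. Bob borrows again
    return pool.total_liquidity, pool.balance, utilization(pool.total_liquidity, pool.total_debt)
```

run_scenario(False) ends with tracked liquidity of 1010 against a real balance of 1000 and a utilization just under 50%; run_scenario(True) keeps both at 1000 and yields exactly 50%.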

Impact

Lenders may get less interest than expected.

Tools Used

Manual

Recommendations

Refactor the utilization rate calculation.

Updates

Lead Judging Commences

inallhonesty Lead Judge 6 months ago
Submission Judgement Published
Validated
Assigned finding tags:

LendingPool::transferAccruedDust doesn't update reserve.totalLiquidity when dust is transferred, causing discrepancy between tracked and actual liquidity
