Core Contracts
Regnum Aurum Acquisition Corp
HardhatReal World AssetsNFT
77,280 USDC
View results
Previous Next
Submission Details
Severity: medium
Invalid

LendingPool will always tend to charge the MAX_BORROW_RATE

charlescheerful

Vulnerability Details

The logic to balance on interest rates based on uitilization should go like this:

  • High utilization == Too much money borrowed => High borrow rates to deincentivize borrowing

  • Low utilization == Not enough money borrowed => Low borrow rates to incentivize borrowing

The code increases borrow rates when utilization is low, it should decrease them.

Proof Of Concept

See ReserveLibrary::calculateBorrowRate() we can see the behavior mentioned above here. Which is executed after this if statmenet, that checks utilization rate being lower than the optimal.

You can see here that calculateBorrowRate() is called and its return value is used to assign the new borrow rate.

Impact

The system will not self balance properly, leading to slowly increasing borrow rates.

Eventually hitting always teh MAX limit set on code instead of the optimal rate.

Recommendations

Make the borrow rate decrease inside this if statment instead of increasing it. Whether by the actual percentages calculated or new ones, but it must decrease.

function calculateBorrowRate(/*args*/) internal pure returns (uint256) {
// more code...
uint256 rate;
if (utilizationRate <= optimalUtilizationRate) {
uint256 rateSlope = primeRate - baseRate;
uint256 rateIncrease = utilizationRate.rayMul(rateSlope).rayDiv(optimalUtilizationRate);
- rate = baseRate + rateIncrease;
+ rate = baseRate - rateIncrease;
} else {
more cde...
}
Updates

Lead Judging Commences

inallhonesty Lead Judge 5 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
inallhonesty Lead Judge 5 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.