Core Contracts
Regnum Aurum Acquisition Corp
HardhatReal World AssetsNFT
77,280 USDC
View results
Previous Next
Submission Details
Severity: high
Valid

Incorrect collateralization check allows unsafe borrowing

falendar

Summary

In the LendingPool contract, the collateralization check in the borrow function is reversed, allowing users to borrow amounts that should be restricted by their collateral value.

Vulnerability Details

The borrow function uses the following check to validate if a user has enough collateral:

if (collateralValue < userTotalDebt.percentMul(liquidationThreshold)) {
revert NotEnoughCollateralToBorrow();
}

Example scenario with current liquidation threshold of liquidationThreshold = 80 * 1e2 (80% in basis points):

User has:
collateralValue = 500
Tries to borrow 600:
userTotalDebt = 0 + 600 = 600
Check:
userTotalDebt.percentMul(liquidationThreshold) = (600 * 8000) / 10000 = 480
if (500 < 480) // false, allows borrow

The current check allows the user to borrow 600 when they should only be able to borrow 400 based on their 500 collateral value.

Impact

High: Users can borrow more than their collateral safely supports. Positions start above liquidation threshold.

Recommendations

Reverse the check to validate debt against collateral value:

- if (collateralValue < userTotalDebt.percentMul(liquidationThreshold)) {
- revert NotEnoughCollateralToBorrow();
- }
+ if (userTotalDebt > collateralValue.percentMul(liquidationThreshold)) {
+ revert NotEnoughCollateralToBorrow();
+ }
Updates

Lead Judging Commences

inallhonesty Lead Judge 6 months ago
Submission Judgement Published
Validated
Assigned finding tags:

LendingPool::borrow as well as withdrawNFT() reverses collateralization check, comparing collateral < debt*0.8 instead of collateral*0.8 > debt, allowing 125% borrowing vs intended 80%

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.