Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: high
Valid

Incorrect Borrow Limit Calculation Due to Misplaced Condition

Summary

The LendingPool::borrow function incorrectly calculates whether a user has enough collateral to borrow funds. The condition currently checks if the collateral value is less than the allowed borrow limit, but it should check if the user's total debt exceeds the allowed borrow limit.

Vulnerability Details

The current condition:

https://github.com/Cyfrin/2025-02-raac/blob/89ccb062e2b175374d40d824263a4c0b601bcb7f/contracts/core/pools/LendingPool/LendingPool.sol#L344

The correct check should ensure that total debt does not exceed the borrowable limit:

if (userTotalDebt > collateralValue.percentMul(liquidationThreshold)) {
    revert NotEnoughCollateralToBorrow();
}

Impact

Overborrowing risk: Borrowers may exceed safe collateralization levels, leading to higher liquidation risk or system-wide instability.

Tools Used

Manual review

Recommendations

Update the borrow condition to:

if (userTotalDebt > collateralValue.percentMul(liquidationThreshold)) {
    revert NotEnoughCollateralToBorrow();
}
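
The two conditions can be compared numerically. The following is an added example, not code from the report or the RAAC repository: it takes the reversed comparison and the 80% threshold from the judging note, assumes percentMul is basis-point multiplication rounded half up, and uses hypothetical function names and a constructed collateral value.

```javascript
// Added example: numeric model of the borrow check, not the contract's code.
const PERCENTAGE_FACTOR = 10000n;    // basis points (100.00%)
const LIQUIDATION_THRESHOLD = 8000n; // 80%, the figure in the judging note

// Assumption: percentMul is basis-point multiplication rounded half up.
function percentMul(value, bps) {
  return (value * bps + PERCENTAGE_FACTOR / 2n) / PERCENTAGE_FACTOR;
}

// Reversed comparison as the judging note describes it:
// the threshold is applied to the debt, so the call reverts too late.
function reversedCheckAllows(collateralValue, userTotalDebt) {
  return !(collateralValue < percentMul(userTotalDebt, LIQUIDATION_THRESHOLD));
}

// Condition recommended in the report: threshold applied to the collateral.
function recommendedCheckAllows(collateralValue, userTotalDebt) {
  return !(userTotalDebt > percentMul(collateralValue, LIQUIDATION_THRESHOLD));
}

// Largest total debt a check accepts for the given collateral.
// Binary search is valid because both checks are monotonic in the debt.
function maxDebtAllowed(check, collateralValue) {
  let lo = 0n;
  let hi = collateralValue * 2n;
  while (lo < hi) {
    const mid = (lo + hi + 1n) / 2n;
    if (check(collateralValue, mid)) lo = mid;
    else hi = mid - 1n;
  }
  return lo;
}

// Constructed sample: collateral valued at 100,000 units with 18 decimals.
const UNIT = 10n ** 18n;
const collateral = 100000n * UNIT;

for (const [name, check] of [
  ["reversed", reversedCheckAllows],
  ["recommended", recommendedCheckAllows],
]) {
  const max = maxDebtAllowed(check, collateral);
  console.log(`${name}: max debt ${max / UNIT} (${(max * 100n) / collateral}% of collateral)`);
}
```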

Updates

Lead Judging Commences

inallhonesty Lead Judge 3 months ago
Submission Judgement Published
Validated
Assigned finding tags:

LendingPool::borrow as well as withdrawNFT() reverses collateralization check, comparing collateral < debt*0.8 instead of collateral*0.8 > debt, allowing 125% borrowing vs intended 80%
