Lack of Correct Handling of Negative Utilization

[c4-bot-6]

Lines of code

https://github.com/code-423n4/2024-04-panoptic/blob/833312ebd600665b577fbd9c03ffa0daf250ed24/contracts/CollateralTracker.sol#L751

Vulnerability details

Impact

The _sellCollateralRatio function in the smart contract incorrectly handles negative utilization by simply negating the value, which could lead to unintended behaviour and incorrect results.

If negative utilization values occur due to underutilization or specific conditions, the incorrect handling can lead to inaccurate collateral ratio calculations. This could potentially result in incorrect risk assessments and financial losses for users.

Tools Used

Manual Review

Recommended Mitigation Steps

• Ensure correct handling of negative utilization by taking the absolute value of the utilization before further processing. This can be achieved using the abs function or by casting the value to an unsigned integer (uint256) after converting it to a signed integer (int256).

  utilization = uint256(int256(utilization));

Assessed type

Math

[c4-judge]

Picodes marked the issue as unsatisfactory: Invalid