Original vulnerabilities:
When emitting a loan, protocol fee associated with loan will be factored into _outstandingValues.sumApr.Specifically, a netAPR (after protocol fee deduction APR) will be added into _outstandingValues.sumApr value.
The problem is when closing a loan after the loan liquidation auction’s settlement, protocol fee is not accounted for. _outstandingValues.sumApr will be offset by a bigger APR (pre-fee deduction APR) value than when the loan is initiated.
Original impacts:
This results in incorrect _oustandingValues being used in all subsequent loan accounting.
The mitigation is to offset outstandingValues.sumApr by the same netAPR as when the corresponding loan is initiated. This including modifying helper functions such as _handleTrancheExcess() , _handleTrancheInsufficient(), _handleLoanManagerCall() and passing the _loan.protocolFee to the loanLiquidation() call.
The mitigation eliminates the vulnerability and resolves the issue.
Lines of code
Vulnerability details
C4 Issue
H-11: Incorrect protocol fee implementation results in outstandingValues to be mis-accounted in Pool.sol
Comments
Original vulnerabilities: When emitting a loan, protocol fee associated with loan will be factored into _outstandingValues.sumApr.Specifically, a netAPR (after protocol fee deduction APR) will be added into _outstandingValues.sumApr value.
The problem is when closing a loan after the loan liquidation auction’s settlement, protocol fee is not accounted for. _outstandingValues.sumApr will be offset by a bigger APR (pre-fee deduction APR) value than when the loan is initiated.
Original impacts: This results in incorrect _oustandingValues being used in all subsequent loan accounting.
Mitigation
Fix: https://github.com/pixeldaogg/florida-contracts/pull/378/files
The mitigation is to offset outstandingValues.sumApr by the same netAPR as when the corresponding loan is initiated. This including modifying helper functions such as
_handleTrancheExcess()
,_handleTrancheInsufficient()
,_handleLoanManagerCall()
and passing the_loan.protocolFee
to the loanLiquidation() call.The mitigation eliminates the vulnerability and resolves the issue.
Test
The revised test is passing
Conclusion
LGTM