Open hats-bug-reporter[bot] opened 7 months ago
borrowMax()
isn't utilised by any borrower (so no impact), but agree this should also be capped by remaining availability.
It's worth noting that while the comment in _borrowerUtilisationRatio()
says it's equivalent logic to _availableToBorrow()
we will not want to limit by the remaining available in the circuit breaker. The UR should be based on the policy set debtCeiling
yeah, I saw that on the _borrowerUtilisationRatio()
but it does not make sense to apply the circuit breaker there, I agree.
Github username: @JacoboLansac Twitter username: jacolansac Submission hash (on-chain): 0xbbfc4bc5d3a1251d5b8a7eee3671dc280d7c9f3786e5f3b83443f253db216898 Severity: low
Description: The
_borrow()
function implements a circuit breaker to limit the amount of USDC that can be borrowed within a 24h period:The function
OrigamiLendingClerk::borrowMax()
reads the maximum borrowable amount from_availableToBorrow()
, and attempts to borrow it using_borrow()
:However, the function
OrigamiLendingClerk::_availableToBorrow()
does not check the remaining amount before hitting the circuit breaker cap. Even in the function documentation, there is no statement that suggests that the circuit breaker cap is checked.Therefore, every time the
_availableToBorrow()
returns a higher value than the remaining amount until hitting the circuit breaker cap, theborrowedAmount
will be too high, and the circuit breaker inside_borrow()
will revert.Impact: medium
It makes the
OrigamiLendingClerk::borrowMax()
unusable under the above-described conditions. Moreover,OrigamiLendingClerk::availableToBorrow()
will return non-reliable values for those same conditions. Any future integration with the clerk that attempts to read these values will also be affected.I am aware that this bug is very similar to another one already reported from another contract #39. The main difference being that this one causes a revert in a state-changing function.
Recommendation
Make sure the output from
_availableToBorrow()
is never aboube the circuit breaker 24h-cap:PoC
Happy to implement a PoC if the issue is not clear.