Pools could be misconfigured when the collateral and loan tokens do not have the same decimals
Summary
Pools could be misconfigured when the collateral and loan tokens do not have the same decimals.
Vulnerability Detail
As stated in the NatSpec comments and docs the collateral ratio mantissa represents how many loan tokens one can borrow (or has borrowed) in exchange for collateral tokens. And this value is scaled by 1e18.
User's collateral ratio is calculated in 3 functions - removeCollateral, borrowand liquidate, in the following way:
It is expected that the userCollateralRatioMantissa is scaled by 1e18, but this is only true when the loan token has the same decimals as the collateral token (userDebt and collateralBalance are scaled by the same factor).
This means that if we have WETH (18 decimals or 1e18) for collateral token and USDC (6 decimals or 1e6) for loan token, the result will be scaled by 1e6 (1e6 * 1e18 / 1e18) while the _currentCollateralRatioMantissa is configured in 1e18.
require(userCollateralRatioMantissa > _currentCollateralRatioMantissa, "Pool: borrower not liquidatable");
Note: This also means that tokens that differ by more than 12-18 decimals can break the calculations in case the collateralBalance is greater than the userDebt * 1e18 due to the division made.
Impact
Users that are not aware of this behaviour can loose their funds if they deposit collateral tokens in such misconfigured pools where the collateral and loan tokens have different decimals.
Code Snippet
/// @return uint The pool collateral ratio in mantissa (scaled by 1e18)
Improve documentation (& code comments) about the value of the collateral ratio mantissa, its scale and the calculation of users collateral ratio mantissa when the collateral and loan tokens have different decimals.
gogo
medium
Pools could be misconfigured when the collateral and loan tokens do not have the same decimals
Summary
Pools could be misconfigured when the collateral and loan tokens do not have the same decimals.
Vulnerability Detail
As stated in the NatSpec comments and docs the collateral ratio mantissa represents how many loan tokens one can borrow (or has borrowed) in exchange for collateral tokens. And this value is scaled by 1e18.
User's collateral ratio is calculated in 3 functions -
removeCollateral,borrowandliquidate, in the following way:It is expected that the userCollateralRatioMantissa is scaled by 1e18, but this is only true when the loan token has the same decimals as the collateral token (userDebt and collateralBalance are scaled by the same factor).
This means that if we have WETH (18 decimals or 1e18) for collateral token and USDC (6 decimals or 1e6) for loan token, the result will be scaled by 1e6 (1e6 * 1e18 / 1e18) while the _currentCollateralRatioMantissa is configured in 1e18.
Note: This also means that tokens that differ by more than 12-18 decimals can break the calculations in case the
collateralBalanceis greater than theuserDebt * 1e18due to the division made.Impact
Users that are not aware of this behaviour can loose their funds if they deposit collateral tokens in such misconfigured pools where the collateral and loan tokens have different decimals.
Code Snippet
https://github.com/sherlock-audit/2023-02-surge/blob/main/surge-protocol-v1/src/Pool.sol#L215
https://github.com/sherlock-audit/2023-02-surge/blob/main/surge-protocol-v1/src/Pool.sol#L433-L434
https://github.com/sherlock-audit/2023-02-surge/blob/main/surge-protocol-v1/src/Pool.sol#L474-L475
https://github.com/sherlock-audit/2023-02-surge/blob/main/surge-protocol-v1/src/Pool.sol#L573-L574
Tool used
Manual Review
Recommendation
Improve documentation (& code comments) about the value of the collateral ratio mantissa, its scale and the calculation of users collateral ratio mantissa when the collateral and loan tokens have different decimals.
Duplicate of #122