[M-3] `_maxCollateralRatioMantissa` should have an upper bound

Summary

_maxCollateralRatioMantissa should have an upper bound, such as 75%.

Vulnerability Detail

Most protocols are over-collateralized for self-protection.

There is no upper bound for _maxCollateralRatioMantissa in the contract. When a pool is created with a high _maxCollateralRatioMantissa such as 99%, the protocol will become under-collateralized.

Impact

Protocol may become under-collateralized.

Code Snippet

https://github.com/sherlock-audit/2023-02-surge/blob/main/surge-protocol-v1/src/Pool.sol#L63

require(_maxCollateralRatioMantissa > 0, "Pool: _maxCollateralRatioMantissa too low");

Tool used

Manual Review

Recommendation

Add another require() statement, such as:

require(_maxCollateralRatioMantissa < 0.75e18, "Pool: _maxCollateralRatioMantissa too high");

sherlock-audit / 2023-02-surge-judging

ret2basic.eth - [M-3] `_maxCollateralRatioMantissa` should have an upper bound #279

[M-3] `_maxCollateralRatioMantissa` should have an upper bound

Summary

Vulnerability Detail

Impact

Code Snippet

Tool used

Recommendation

sherlock-audit / 2023-02-surge-judging

ret2basic.eth - [M-3] `_maxCollateralRatioMantissa` should have an upper bound #279

[M-3] _maxCollateralRatioMantissa should have an upper bound

Summary

Vulnerability Detail

Impact

Code Snippet

Tool used

Recommendation

[M-3] `_maxCollateralRatioMantissa` should have an upper bound