sherlock-audit / 2023-03-taurus-judging

4 stars 0 forks source link

GimelSec - The decimals of collateral may different from 1e18, causing the user to borrow more than the real amount that can be borrowed. #159

Closed sherlock-admin closed 1 year ago

sherlock-admin commented 1 year ago

GimelSec

high

The decimals of collateral may different from 1e18, causing the user to borrow more than the real amount that can be borrowed.

Summary

The decimals of collateral may different from 1e18, causing the user to borrow more than the real amount that can be borrowed.

Vulnerability Detail

The decimals of Collateral are not always 1e18. If we have a collateral token with 1e27 decimals, we will get a wrong collateral ratio.

Suppose we have 120 collateral tokens which are worth $120.

In _computeCR(): (_coll * _price * Constants.PRECISION) / (_debt * 10 ** priceDecimals)

_coll: 120 * 1e27
_price: 1 * 1e18, which means a collateral worth $1
priceDecimals: 1e18
_debt: 100 * 1e18, the max debt due to 120% collateral ratio

We get: (120*1e27 * 1*1e18 * 1e18) / (100*1e18 * 10**18) = 1.2 * 1e27, which is 120000000000% rather than 120%.

Impact

Users can borrow more than the real amount that can be borrowed.

Code Snippet

https://github.com/sherlock-audit/2023-03-taurus/blob/main/taurus-contracts/contracts/Libs/TauMath.sol#L18

Tool used

Manual Review

Recommendation

Handle the decimals of collateral in _computeCR.

Duplicate of #35