search

sherlock-audit / 2023-08-cooler-judging

2 stars 0 forks source link

radevauditor - Potential Stale Exchange Rate for DAI/gOHM in Clearinghouse #182

Closed sherlock-admin closed 1 year ago

sherlock-admin commented 1 year ago

radevauditor

medium

Potential Stale Exchange Rate for DAI/gOHM in Clearinghouse

Summary

The Clearinghouse contract uses a fixed DAI/gOHM exchange rate through the LOAN_TO_COLLATERAL constant. Given the volatile nature of cryptocurrency prices, relying on a fixed exchange rate is problematic. As currencies fluctuate, this constant value will inevitably become obsolete, potentially leading to under-collateralized loans.

Vulnerability Detail

The ClearingHouse contract design permits loan processing as long as the operator approves it. Presumably, this operator could be an automated keeper program. Loan fairness is determined using the LOAN_TO_COLLATERAL constant, which represents the DAI/gOHM exchange rate. As of now, the value of gOHM is $2,500, indicating that LOAN_TO_COLLATERAL fixed value is already outdated.

This vulnerability's gravity can be likened to a scenario where a Chainlink oracle is utilized, but no mechanism checks if the oracle's provided exchange rate is stale. Such a lapse in real-time rate-checking is considered of medium severity.

While it's uncertain who controls the operator address invoking the clear() method, it's likely designed to be an automated keeper. Such a keeper, without any modification, might approve loans without verification. Even if the operator were a human, the existence of hardcoded checks like LOAN_TO_COLLATERAL suggests that the contract aims to safeguard against potential errors, so this particular vulnerability should be addressed.

Impact

There's a potential risk of approving under-collateralized loans. Astute borrowers could exploit this, taking loans they intend to default on. They'd benefit by using the borrowed amount to acquire more collateral than what they'd forfeit upon defaulting.

Code Snippet

The loan-to-collateral is hard-coded, rather than being based on an oracle price. https://github.com/sherlock-audit/2023-08-cooler/blob/main/Cooler/src/Clearinghouse.sol#L55

    uint256 public constant LOAN_TO_COLLATERAL = 3000e18;       // 3,000 DAI/gOHM

If the gOHM price drops below $3000 to say $2500, a loan for 3000 DAI will be under-collateralized.

https://github.com/sherlock-audit/2023-08-cooler/blob/main/Cooler/src/Cooler.sol#L371-L373

    function collateralFor(uint256 amount_, uint256 loanToCollateral_) public view returns (uint256) {
        return (amount_ * (10 ** collateral().decimals())) / loanToCollateral_;
    }

https://github.com/sherlock-audit/2023-08-cooler/blob/main/Cooler/src/Clearinghouse.sol#L386-L391

    function debtForCollateral(uint256 collateral_) public pure returns (uint256) {
        uint256 interestPercent = (INTEREST_RATE * DURATION) / 365 days;
        uint256 loan = collateral_ * LOAN_TO_COLLATERAL / 1e18;
        uint256 interest = loan * interestPercent / 1e18;
        return loan + interest;
    }

Tool used

Manual Review

Recommendation

To ensure loans remain adequately collateralized, implement a dynamic pricing model using Chainlink oracles. This will continuously fetch the most recent DAI/gOHM exchange rate, reducing the potential for under-collateralized loans.

sherlock-admin commented 1 year ago

1 comment(s) were left on this issue during the judging contest.

oot2k commented:

intended design