search

sherlock-audit / 2024-04-teller-finance-judging

10 stars 9 forks source link

KupiaSec - A user can borrow liquidity, even though `getPrincipalAmountAvailableToBorrow() < 0`. #237

Closed sherlock-admin3 closed 4 months ago

sherlock-admin3 commented 4 months ago

KupiaSec

medium

A user can borrow liquidity, even though getPrincipalAmountAvailableToBorrow() < 0.

Summary

Borrowing is prevented when the percentage of lent amount relative to the poolTotalEstimatedValue is greater than the liquidityThresholdPercent. However, this restriction can be circumvented, as users are still able to borrow liquidity even in this case.

Vulnerability Detail

The getPrincipalAmountAvailableToBorrow() function prevents borrowing when the percentage of lent amount relative to the poolTotalEstimatedValue is greater than the liquidityThresholdPercent.

https://github.com/sherlock-audit/2024-04-teller-finance/blob/main/teller-protocol-v2-audit-2024/packages/contracts/contracts/LenderCommitmentForwarder/extensions/LenderCommitmentGroup/LenderCommitmentGroup_Smart.sol##L779-L788


    function getPrincipalAmountAvailableToBorrow()
        public
        view
        returns (uint256)
    {     

            return  ( uint256( getPoolTotalEstimatedValue() )).percent(liquidityThresholdPercent) -
            getTotalPrincipalTokensOutstandingInActiveLoans() ;

    }

Consider the following scenario:

  1. Alice deposit so many principle token into the pool that getPrincipalAmountAvailableToBorrow() == balanceOf(address(this)).
  2. Alice borrows liquidity as much as possible.
  3. Alice withdraw all liquidity.

After the above scenario, all priciple tokens are lended, nothing left in the pool.

Impact

A user can borrow liquidity, even though getPrincipalAmountAvailableToBorrow() < 0. This may delay the withdraw time of liquidity providers.

Code Snippet

https://github.com/sherlock-audit/2024-04-teller-finance/blob/main/teller-protocol-v2-audit-2024/packages/contracts/contracts/LenderCommitmentForwarder/extensions/LenderCommitmentGroup/LenderCommitmentGroup_Smart.sol##L779-L788

Tool used

Manual Review

Recommendation

The interest rate mechanism should be improved. Additionally, there should be some time duration between deposit and withdrawal.

Duplicate of #68