search

sherlock-audit / 2024-09-predict-fun-judging

5 stars 4 forks source link

bughuntoor - Refinancing and auction take less fee than expected. #118

Open sherlock-admin4 opened 1 month ago

sherlock-admin4 commented 1 month ago

bughuntoor

High

Refinancing and auction take less fee than expected.

Summary

When creating a new loan within _acceptOffer, the protocolFee is applied to the whole amount taken from the lender - the fulfilled amount.

    function _transferLoanAmountAndProtocolFee(
        address from,
        address to,
        uint256 loanAmount
    ) private returns (uint256 protocolFee) {
        protocolFee = (loanAmount * protocolFeeBasisPoints) / 10_000;
        LOAN_TOKEN.safeTransferFrom(from, to, loanAmount - protocolFee);
        if (protocolFee > 0) {
            LOAN_TOKEN.safeTransferFrom(from, protocolFeeRecipient, protocolFee);
        }
    }

So if the user fulfills 1000 USDC and the protocol fee is 2%, the fee that will be taken will be 20 USDC and the user will receive 980 USDC.

However, this is not the case within refinance and auction.

        uint256 _nextLoanId = nextLoanId;
        uint256 debt = _calculateDebt(loan.loanAmount, loan.interestRatePerSecond, callTime - loan.startTime);
        uint256 protocolFee = (debt * protocolFeeBasisPoints) / 10_000;

There. the protocol fee is applied on the debt. So if a position with a debt of 980 USDC gets auctioned, the fee that will be paid will be 19,6 USDC. In this case, the protocol will earn 2% less fees than expected.

Whenever there's a protocol fee, refinance and auction will earn less fees proportional to the set protocolFee. Meaning that if the fee is 1%, these functions would earn 1% less. And if the fee is set to 2%, the loss will be 2%.

As the protocol can easily lose up to 2% of its fees, this according to Sherlock rules should be classified as High severity

Definite loss of funds without (extensive) limitations of external conditions. The loss of the affected party must exceed 1%.

Root Cause

Wrong math formula used

Affected Code

https://github.com/sherlock-audit/2024-09-predict-fun/blob/main/predict-dot-loan/contracts/PredictDotLoan.sol#L585

Impact

Protocol will make significantly less fees than expected.

PoC

No response

Mitigation

Use the following formula instead

        uint256 protocolFee = (debt * protocolFeeBasisPoints) / (10_000 - protocolFeeBasisPoints);
sherlock-admin2 commented 3 weeks ago

The protocol team fixed this issue in the following PRs/commits: https://github.com/PredictDotFun/predict-dot-loan/pull/50