Integer Division Rounding Down: Solidity's integer division truncates decimal values, always rounding down to the nearest whole number. This can result in the calculated collateralAmountRequired being slightly less than the proportionate amount needed to maintain the intended collateralization ratio.
Under-Collateralization Risk: When the required collateral amount is rounded down, the lender receives less collateral than they should relative to the loan amount provided. This under-collateralization exposes the lender to additional risk, especially in the event of borrower default.
Root Cause
No response
Internal pre-conditions
No response
External pre-conditions
No response
Attack Path
Suppose a proposal has the following parameters:
proposal.collateralAmount = 100 wei
proposal.loanAmount = 3 wei
A lender wishes to fulfill a loan amount of 1 wei. The collateral amount required is calculated as:
collateralAmountRequired = (100 * 1) / 3 = 33 wei
However, the exact proportional collateral amount should be approximately 33.333... wei. Due to integer division, the lender receives 33 wei, which is less than the proportionate share, leading to under-collateralization.
Impact
Violates Collateralization Ratio: The contract is expected to enforce a collateralization ratio of at least 100%. By rounding down the collateral amount, the actual ratio falls slightly below 100%, violating this requirement.
Increased Lender Risk: Lenders rely on the collateral to mitigate the risk of borrower default. Under-collateralization means lenders may not fully recover their loaned amount through collateral liquidation.
PoC
No response
Mitigation
Adjust the calculation to round up the required collateral amount, ensuring the lender receives at least the proportionate share of collateral.
Albort
Medium
Collateral Under-Collateralization Due to Integer Division
Summary
https://github.com/sherlock-audit/2024-09-predict-fun/blob/main/predict-dot-loan/contracts/PredictDotLoan.sol#L1169
Integer Division Rounding Down: Solidity's integer division truncates decimal values, always rounding down to the nearest whole number. This can result in the calculated
collateralAmountRequiredbeing slightly less than the proportionate amount needed to maintain the intended collateralization ratio. Under-Collateralization Risk: When the required collateral amount is rounded down, the lender receives less collateral than they should relative to the loan amount provided. This under-collateralization exposes the lender to additional risk, especially in the event of borrower default.Root Cause
No response
Internal pre-conditions
No response
External pre-conditions
No response
Attack Path
Suppose a proposal has the following parameters:
proposal.collateralAmount = 100 weiproposal.loanAmount = 3 weiA lender wishes to fulfill a loan amount of
1 wei. The collateral amount required is calculated as:However, the exact proportional collateral amount should be approximately
33.333... wei. Due to integer division, the lender receives33 wei, which is less than the proportionate share, leading to under-collateralization.Impact
Violates Collateralization Ratio: The contract is expected to enforce a collateralization ratio of at least 100%. By rounding down the collateral amount, the actual ratio falls slightly below 100%, violating this requirement. Increased Lender Risk: Lenders rely on the collateral to mitigate the risk of borrower default. Under-collateralization means lenders may not fully recover their loaned amount through collateral liquidation.
PoC
No response
Mitigation
Adjust the calculation to round up the required collateral amount, ensuring the lender receives at least the proportionate share of collateral.