Inability to Refinance Loans with 100% Collateralization Due to Insufficient Collateral Check
Summary
The PredictDotLoan contract has a vulnerability affecting loans with a 100% collateralization ratio—where the collateral amount equals the loan amount. As interest accrues over time, the total debt (principal plus interest) exceeds the original loan amount. During refinancing, the contract requires that the new loan's required collateral does not exceed the original collateral amount. However, due to the accrued interest, the collateralAmountRequired becomes greater than the original collateralAmount, causing the refinancing process to revert with an InsufficientCollateral error.
Root Cause
The _refinance function in the PredictDotLoan contract requires that the collateralAmountRequired for the new loan does not exceed the loan.collateralAmount of the existing loan. However, as interest accrues on the existing loan, the debt increases beyond the original loanAmount. During refinancing, the new loan must cover the increased debt (principal + accrued interest + protocol fee), which results in a higher fulfillAmount. Since the collateralization ratio must remain at least 100%, the collateralAmountRequired increases proportionally with the fulfillAmount.
In cases where the original loan has a collateralization ratio of 100% (i.e., collateralAmount == loanAmount), any accrued interest causes the collateralAmountRequired to exceed the original collateralAmount. The contract's check:
prevents the refinancing from proceeding, as the borrower cannot provide additional collateral within this transaction. This effectively blocks borrowers from refinancing such loans, limiting their ability to benefit from better interest rates or loan terms.
Internal pre-conditions
No response
External pre-conditions
No response
Attack Path
No response
Impact
User Impact: Borrowers with loans at a 100% collateralization ratio cannot refinance after any interest accrues, restricting them from taking advantage of better loan offers. This affects one of the protocol's key features—refinancing flexibility—and may discourage users from participating in the platform.
Protocol Impact: Reduced user engagement due to inflexible refinancing options can negatively affect the protocol's adoption and overall liquidity. It may also lead to an increased risk of defaults if borrowers cannot refinance to more manageable terms.
PoC
No response
Mitigation
Here are 2 possible actions to mitigate this issue:
Introduce a minimum LTV ratio greater than 100% (e.g., 110% or 120%) when creating loans.
Permit borrowers to provide additional collateral if required.
ivanonchain
High
Inability to Refinance Loans with 100% Collateralization Due to Insufficient Collateral Check
Summary
The PredictDotLoan contract has a vulnerability affecting loans with a 100% collateralization ratio—where the collateral amount equals the loan amount. As interest accrues over time, the total debt (principal plus interest) exceeds the original loan amount. During refinancing, the contract requires that the new loan's required collateral does not exceed the original collateral amount. However, due to the accrued interest, the collateralAmountRequired becomes greater than the original collateralAmount, causing the refinancing process to revert with an InsufficientCollateral error.
Root Cause
The
_refinancefunction in thePredictDotLoancontract requires that thecollateralAmountRequiredfor the new loan does not exceed theloan.collateralAmountof the existing loan. However, as interest accrues on the existing loan, the debt increases beyond the original loanAmount. During refinancing, the new loan must cover the increased debt (principal + accrued interest + protocol fee), which results in a higherfulfillAmount. Since the collateralization ratio must remain at least 100%, the collateralAmountRequired increases proportionally with the fulfillAmount.In cases where the original loan has a collateralization ratio of 100% (i.e., collateralAmount == loanAmount), any accrued interest causes the collateralAmountRequired to exceed the original collateralAmount. The contract's check:
https://github.com/sherlock-audit/2024-09-predict-fun/blob/main/predict-dot-loan/contracts/PredictDotLoan.sol#L1109
prevents the refinancing from proceeding, as the borrower cannot provide additional collateral within this transaction. This effectively blocks borrowers from refinancing such loans, limiting their ability to benefit from better interest rates or loan terms.
Internal pre-conditions
No response
External pre-conditions
No response
Attack Path
No response
Impact
User Impact: Borrowers with loans at a 100% collateralization ratio cannot refinance after any interest accrues, restricting them from taking advantage of better loan offers. This affects one of the protocol's key features—refinancing flexibility—and may discourage users from participating in the platform.
Protocol Impact: Reduced user engagement due to inflexible refinancing options can negatively affect the protocol's adoption and overall liquidity. It may also lead to an increased risk of defaults if borrowers cannot refinance to more manageable terms.
PoC
No response
Mitigation
Here are 2 possible actions to mitigate this issue: