Collateral token and Loan token(USDC) decimals could be different leading to incorrect collateralization ratio checks
Summary
In the collateralization ratio check only the raw amount of the tokens are checked and not their inherent values. This could lead to tokens with different decimals to bypass this check.
Root Cause
function _assertCollateralizationRatioAtLeastOneHundredPercent(
uint256 collateralAmount,
uint256 loanAmount
) private pure {
if (collateralAmount < loanAmount) {
revert CollateralizationRatioTooLow();
}
}
The CTF token and the LoanToken decimals/value are different.
Attack Path
Assume a CTF with decimals 18, and a LoanToken with decimals USDC(6 decimals) => this is valid since they are planning on using USDC on their platforms
This would lead to the check always passing since the loan.Amount will mostly be less than the collateral.Amount
For example: loan.Amount =1e10 ($10,000) and collateral.Amount = 1e18(which is basically only 1 CTF token). This loan will be allowed to be made when it should not have been.
Impact
Loans/proposals with less than 100% collateralization ratio can be created.
PoC
No response
Mitigation
During the check make sure to include the decimals of the tokens too.
Petite Coconut Barracuda
High
Collateral token and Loan token(USDC) decimals could be different leading to incorrect collateralization ratio checks
Summary
In the collateralization ratio check only the raw amount of the tokens are checked and not their inherent values. This could lead to tokens with different decimals to bypass this check.
Root Cause
This check could be incorrectly passed when using different tokens. https://github.com/sherlock-audit/2024-09-predict-fun/blob/main/predict-dot-loan/contracts/PredictDotLoan.sol#L1238
Internal pre-conditions
No response
External pre-conditions
The CTF token and the LoanToken decimals/value are different.
Attack Path
loan.Amount
will mostly be less than thecollateral.Amount
loan.Amount =1e10
($10,000) andcollateral.Amount = 1e18
(which is basically only 1 CTF token). This loan will be allowed to be made when it should not have been.Impact
Loans/proposals with less than 100% collateralization ratio can be created.
PoC
No response
Mitigation
During the check make sure to include the decimals of the tokens too.