Insufficient Collateralization Ratio Check Leading to Potential Undercollateralized Loans
Summary
_assertCollateralizationRatioAtLeastOneHundredPercent function, only ensures that the collateral amount is not less than the loan amount
function _assertCollateralizationRatioAtLeastOneHundredPercent(
uint256 collateralAmount,
uint256 loanAmount
) private pure {
if (collateralAmount < loanAmount) {
revert CollateralizationRatioTooLow();
}
}
it is used in functions including matchProposals, _acceptOffer, and _refinance. though it prevents loans from being created with less collateral than the loan amount, but it allows for exactly 1:1 collateralization.
The issue now is :
Market volatility: The value of the collateral can fluctuate, potentially becoming worth less than the loan amount shortly after the loan is created.
In situations of a default, there may be costs associated with liquidating the collateral, which aren't factored into this minimum ratio.
As interest accrues on the loan, the total debt increases, potentially surpassing the collateral value even if it started at 1:1.
Lenders may not be adequately protected against defaults, as the collateral may be insufficient to cover the loan amount plus accrued interest.
If multiple loans become undercollateralized, it could lead to significant losses for the protocol and its users
In a market downturn, many loans could become undercollateralized simultaneously, leading to a cascade of liquidations that could further depress collateral values.
PoC
No response
Mitigation
If a loan's collateralization ratio falls below a certain threshold, trigger automatic partial or full liquidation to protect lenders.
Melodic Mocha Aardvark
High
Insufficient Collateralization Ratio Check Leading to Potential Undercollateralized Loans
Summary
_assertCollateralizationRatioAtLeastOneHundredPercent
function, only ensures that the collateral amount is not less than the loan amountit is used in functions including
matchProposals
,_acceptOffer
, and_refinance
. though it prevents loans from being created with less collateral than the loan amount, but it allows for exactly 1:1 collateralization.The issue now is :
Root Cause
https://github.com/sherlock-audit/2024-09-predict-fun/blob/main/predict-dot-loan/contracts/PredictDotLoan.sol#L1234
Internal pre-conditions
No response
External pre-conditions
No response
Attack Path
No response
Impact
PoC
No response
Mitigation