This repository has been archived by the owner on May 26, 2023. It is now read-only.
Breeje - SOME AMOUNT OF COLLATERAL CAN BE STUCK IN ESCROW #307
Comments
github-actions
bot
added
Duplicate
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Breeje
medium
SOME AMOUNT OF COLLATERAL CAN BE STUCK IN ESCROW
Summary
In
repaymethod, the collateral to be released is calculated by a mathematical calculation with include division.Vulnerability Detail
In EVM, as there are no Floating points, the
decollateralizedvalue will always take the floor value of the calculation ignore the latter part. If borrower is paying back in multiple transactions, he/she will loss some amount of collateral because of this.Impact
Loss of Collateral for Borrower despite paying back the complete Loan Amount.
Code Snippet
File: Cooler.sol function repay (uint256 loanID, uint256 repaid) external { Loan storage loan = loans[loanID]; if (block.timestamp > loan.expiry) revert Default(); uint256 decollateralized = loan.collateral * repaid / loan.amount; if (repaid == loan.amount) delete loans[loanID]; else { loan.amount -= repaid; loan.collateral -= decollateralized; } debt.transferFrom(msg.sender, loan.lender, repaid); collateral.transfer(owner, decollateralized); }Link to Code
Tool used
Manual Review
Recommendation
When the repaid amount is equal to loan amount, transfer all the remaining collateral in the escrow to the Borrower.
Can use a new state variable to keep a track on this which will make sure that no amount of collateral is stuck inside escrow.
Duplicate of #263
The text was updated successfully, but these errors were encountered: