Builder can halve the interest paid to a community owner due to arithmetic rounding #180
Labels
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
valid
Lines of code
https://github.com/code-423n4/2022-08-rigor/blob/5ab7ea84a1516cb726421ef690af5bc41029f88f/contracts/Community.sol#L685-L686
Vulnerability details
Impact
Due to arithmetic rounding in
returnToLender()
, a builder can halve the APR paid to a community owner by paying every 1.9999 days. This allows a builder to drastically decrease the amount of interest paid to a community owner, which in turn allows them to advertise very high APR rates to secure funding, most of which they will not pay.This issue occurs in the calculation of
noOfDays
inreturnToLender()
which calculates the number of days since interest has last been calculated. If a builder repays a very small amount of tokens every 1.9999 days, then thenoOfDays
will be rounded down to1 days
howeverlastTimestamp
is updated to the current timestamp anyway, so the builder essentially accumulates only 1 day of interest after 2 days.I believe this is high severity because a community owner can have a drastic decrease in interest gained from a loan which counts as lost rewards. Additionally, this problem does not require a malicious builder because if a builder pays at a wrong time, the loaner receives less interest anyway.
Proof of Concept
lastTimestamp + 2*86400 - 1
noOfDays
rounds down to 1 thereby accumulating500_000 * 100 * 1 / 365000 = 136
tokens for 2 daysTools Used
VS Code
Recommended Mitigation Steps
There are two possible mitigations:
noOfDays
so that any rounding which occurs is negligiblei.e.
noOfDays
calculation and calculate interest in one equation which reduces arithmetic roundingThe text was updated successfully, but these errors were encountered: