This repository has been archived by the owner on Sep 3, 2023. It is now read-only.
github-actions (bot) opened this issue on Mar 10, 2023 · 0 comments
Labels
- Duplicate: A valid issue that is a duplicate of an issue with the `Has Duplicates` label
- High: A valid High severity issue
- Reward: A payout will be made for this issue
peanuts
high
If the collateral token and loan token do not have the same decimal places, collateral ratio will be broken

Summary
If the collateral token and loan token do not have the same decimal places, the collateral ratio will be broken.

Vulnerability Detail
The collateral ratio is calculated by taking the user's debt and dividing it by the user's collateral balance, scaled to 1e18.

If userDebt (loan token) is BTC, whose decimals scale to 1e18, and the collateral balance is in USDC, whose decimals scale to 1e6, then the collateral ratio will not be scaled to 1e18.

```solidity
require(userCollateralRatioMantissa <= _currentCollateralRatioMantissa, "Pool: user collateral ratio too high");
```

Since all the other state variables, like _currentCollateralRatioMantissa, are scaled to 1e18, the protocol will be broken if the collateral and loan token do not have the same decimals.

```solidity
/// @notice Gets the pool collateral ratio in mantissa (scaled by 1e18)
/// @param _lastCollateralRatioMantissa The last collateral ratio of the pool in mantissa (scaled by 1e18)
/// @param _maxCollateralRatioMantissa The maximum collateral ratio of the pool in mantissa (scaled by 1e18)
/// @param _surgeMantissa The utilization at which the surge threshold is triggered in mantissa (scaled by 1e18)
```

If the decimals of the loan token are lower than the decimals of the collateral token, then the user collateral ratio will always be lower than the current collateral ratio, and the check below will always pass.

```solidity
require(userCollateralRatioMantissa <= _currentCollateralRatioMantissa, "Pool: user collateral ratio too high");
```

Impact
The protocol will be broken, as comparing collateral ratios will not work as expected.
Code Snippet
https://github.com/sherlock-audit/2023-02-surge/blob/main/surge-protocol-v1/src/Pool.sol#L474
https://github.com/sherlock-audit/2023-02-surge/blob/main/surge-protocol-v1/src/Pool.sol#L433
https://github.com/sherlock-audit/2023-02-surge/blob/main/surge-protocol-v1/src/Pool.sol#L206-L215
Tool used
Manual Review
Recommendation
Make sure the two tokens have the same decimal places before anything happens.
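The following is an added illustration and is not code from the Surge repository or from the reporter. It models the ratio computation as the report describes it (debt multiplied by 1e18 and divided by the collateral balance, with no decimal normalisation) using plain integer arithmetic that mirrors Solidity's uint256 floor division, then compares it against a hypothetical decimal-normalised variant and the decimals-equality guard the recommendation asks for. The function names, the sample amounts and the 0.8e18 pool ratio are constructed for the example.

```python
# Added example, not the Surge protocol's own code. Integer arithmetic only,
# mirroring Solidity uint256 semantics (floor division, no fractions).

MANTISSA = 10**18  # every *Mantissa state variable is scaled by 1e18


def raw_collateral_ratio(user_debt: int, collateral_balance: int) -> int:
    """Ratio as the report describes it: debt * 1e18 / collateral, raw token units.

    The result is only a 1e18-scaled mantissa when both tokens share decimals.
    Division by a zero balance raises ZeroDivisionError, like a Solidity revert.
    """
    return user_debt * MANTISSA // collateral_balance


def normalized_collateral_ratio(user_debt: int, loan_decimals: int,
                                collateral_balance: int, collateral_decimals: int) -> int:
    """Hypothetical fix (assumption): bring both amounts to 18 decimals before dividing."""
    if loan_decimals > 18 or collateral_decimals > 18:
        raise ValueError("tokens with more than 18 decimals are out of scope here")
    debt_18 = user_debt * 10 ** (18 - loan_decimals)
    coll_18 = collateral_balance * 10 ** (18 - collateral_decimals)
    return debt_18 * MANTISSA // coll_18


def require_same_decimals(loan_decimals: int, collateral_decimals: int) -> None:
    """The guard the recommendation asks for: reject mismatched token decimals up front."""
    if loan_decimals != collateral_decimals:
        raise ValueError(
            f"Pool: loan decimals {loan_decimals} != collateral decimals {collateral_decimals}"
        )


def evaluate(user_debt: int, loan_decimals: int,
             collateral_balance: int, collateral_decimals: int,
             current_ratio_mantissa: int) -> dict:
    """Run the report's check (`userRatio <= currentRatio`) on the raw and normalised ratios."""
    raw = raw_collateral_ratio(user_debt, collateral_balance)
    norm = normalized_collateral_ratio(user_debt, loan_decimals,
                                       collateral_balance, collateral_decimals)
    return {
        "raw": raw,
        "normalized": norm,
        "raw_check_passes": raw <= current_ratio_mantissa,
        "normalized_check_passes": norm <= current_ratio_mantissa,
    }


if __name__ == "__main__":
    pool_ratio = 8 * 10**17  # constructed: pool currently allows an 80% collateral ratio

    # Constructed case A: 6-decimal loan token vs 18-decimal collateral, 1 unit borrowed per 1 unit posted.
    # The true ratio is 100% (1e18), yet the raw check passes because 1e6 << 0.8e18.
    print("loan 6 dec / collateral 18 dec:",
          evaluate(10**6, 6, 10**18, 18, pool_ratio))

    # Constructed case B: 18-decimal loan token vs 6-decimal collateral.
    # The raw ratio is inflated by 1e12, so even a healthy position is rejected.
    print("loan 18 dec / collateral 6 dec:",
          evaluate(5 * 10**17, 18, 10**6, 6, pool_ratio))

    # Same decimals: raw and normalised agree, which is the only case the raw formula is correct for.
    print("both 18 dec:", evaluate(5 * 10**17, 18, 10**18, 18, pool_ratio))
```

Case A is the over-borrowing direction the report calls out (loan token with fewer decimals than the collateral: the check always passes); case B is the mirror image, where legitimate borrowing is blocked. The `require_same_decimals` guard at pool creation is the cheapest way to rule out both, which is what the recommendation proposes.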
Duplicate of #122