This repository has been archived by the owner on Sep 3, 2023. It is now read-only.
ast3ros - [H-01] Liquidation reward can be wrongly calculated because of round. #153
Labels: Duplicate (a valid issue that is a duplicate of an issue with the `Has Duplicates` label), Escalation Resolved (this issue's escalations have been approved/rejected), High (a valid High severity issue), Reward (a payout will be made for this issue)

Author: ast3ros, severity: high
# [H-01] Liquidation reward can be wrongly calculated because of round.
## Summary

Due to rounding errors in the `collateralReward` variable, the liquidation reward may not be calculated accurately.

## Vulnerability Detail
When liquidating a loan, a user calls the function `pool.liquidate`:
https://github.com/sherlock-audit/2023-02-surge/blob/main/surge-protocol-v1/src/Pool.sol#L553

The formula for calculating the collateral reward amount for a partial liquidation is:
https://github.com/sherlock-audit/2023-02-surge/blob/main/surge-protocol-v1/src/Pool.sol#L585-L586

The error occurs when `_amount * userInvertedCollateralRatioMantissa` produces a number lower than 1e18. This causes `collateralReward` to be rounded down to 0. This scenario is common when the collateral ratio is high (for example, when borrowing USDT against ETH collateral, the collateral ratio could be 2000e18 or 3000e18).

This results in a low `userInvertedCollateralRatioMantissa` (around 1e15). Therefore, when the liquidation amount is less than 1e3, `_amount * userInvertedCollateralRatioMantissa` will be less than 1e18, and `_amount * userInvertedCollateralRatioMantissa / 1e18` is rounded down to 0.

POC: please put in ./test/Pool.t.sol
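As an added illustration (not the report's POC and not the project's own code), the following Python models the integer arithmetic described above with Solidity's floor-division semantics. The derivation of the inverted ratio as 1e36 divided by the collateral ratio mantissa is an assumption, as is the zero-reward guard shown as a possible mitigation.

```python
WAD = 10**18  # 1e18 fixed-point scale used by the mantissa values


def inverted_collateral_ratio(collateral_ratio_mantissa: int) -> int:
    """Assumption: the inverted ratio is 1e36 / collateralRatioMantissa, so a
    2000e18 collateral ratio gives 5e14 (the 'around 1e15' figure in the report)."""
    return WAD * WAD // collateral_ratio_mantissa


def collateral_reward(amount: int, inverted_ratio: int) -> int:
    """The report's formula with Solidity semantics: unsigned integer
    multiply, then floor division by 1e18. Rounds to 0 when the product < 1e18."""
    return amount * inverted_ratio // WAD


def min_liquidation_amount(inverted_ratio: int) -> int:
    """Smallest _amount whose reward is at least 1 wei: ceil(1e18 / inverted)."""
    return (WAD + inverted_ratio - 1) // inverted_ratio


def collateral_reward_checked(amount: int, inverted_ratio: int) -> int:
    """Defensive variant (hypothetical mitigation): refuse a partial
    liquidation whose reward would round to zero, instead of accepting the
    debt repayment and transferring no collateral to the liquidator."""
    reward = collateral_reward(amount, inverted_ratio)
    if reward == 0:
        raise ValueError(
            f"liquidation of {amount} yields zero collateral reward; "
            f"minimum amount is {min_liquidation_amount(inverted_ratio)}"
        )
    return reward


if __name__ == "__main__":
    # Constructed scenario: ETH collateral against USDT debt, ratio 2000e18.
    # With a 6-decimal debt token, 1999 units is only 0.001999 USDT, yet the
    # liquidator still pays it and receives nothing back.
    inverted = inverted_collateral_ratio(2000 * WAD)
    for amount in (1, 1999, 2000, 10**6):
        print(amount, collateral_reward(amount, inverted))
```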
## Impact

When a user attempts to partially liquidate a small amount of debt, they may not receive any collateral reward due to rounding errors in the calculation, even though they have paid for the debt. This risk increases when the ERC20 token has fewer decimals and the collateral ratio is higher.
This bug could discourage users from liquidating debt and disrupt the pool's operation.
## Code Snippet

https://github.com/sherlock-audit/2023-02-surge/blob/main/surge-protocol-v1/src/Pool.sol#L585-L586
## Tool used

Manual Review
## Recommendation

Duplicate of #122