peanuts - Max collateral check is not done when increasing collateral balance

[sherlock-admin]

peanuts

medium

Max collateral check is not done when increasing collateral balance

Summary

There is no max collateral check when increasing the collateral balance using increaseCollateralBalance()

Vulnerability Detail

When a user calls borrow(), there is a check for borrowingCollateral. The check makes sure that borrowingCollateral is not greater than maxCollateral

File: LiquidityBorrowingManager.sol
492:         uint256 borrowingCollateral = cache.borrowedAmount - cache.holdTokenBalance;
493:         (borrowingCollateral > params.maxCollateral).revertError(
494:             ErrLib.ErrorCode.TOO_BIG_COLLATERAL
495:         );

maxCollateral is defined as the maximum amount of collateral that can be provided for the loan.

File: LiquidityBorrowingManager.sol
35:         /// @notice The maximum amount of collateral that can be provided for the loan
36:         uint256 maxCollateral;

However, when increaseCollateralBalance is called, the maxCollateral variable is not checked.

File: LiquidityBorrowingManager.sol
371:     function increaseCollateralBalance(bytes32 borrowingKey, uint256 collateralAmt) external {
372:         BorrowingInfo storage borrowing = borrowingsInfo[borrowingKey];
373:         // Ensure that the borrowed position exists and the borrower is the message sender
374:         (borrowing.borrowedAmount == 0 || borrowing.borrower != address(msg.sender)).revertError(
375:             ErrLib.ErrorCode.INVALID_BORROWING_KEY
376:         );
377:         // Increase the daily rate collateral balance by the specified collateral amount
               //@audit -- No max collateral balance check
378:         borrowing.dailyRateCollateralBalance +=
379:             collateralAmt *
380:             Constants.COLLATERAL_BALANCE_PRECISION;
381:         _pay(borrowing.holdToken, msg.sender, VAULT_ADDRESS, collateralAmt);
382:         emit IncreaseCollateralBalance(msg.sender, borrowingKey, collateralAmt);
383:     }

Impact

Without checking maxCollateral, the leverage position may be unnecessarily overcollaterized.

Code Snippet

https://github.com/sherlock-audit/2023-10-real-wagmi/blob/main/wagmi-leverage/contracts/LiquidityBorrowingManager.sol#L371-L383

Tool used

Manual Review

Recommendation

Recommend checking the max collateral amount when calling increase collateral balance

[seeques]

Escalate

This is not a duplciate of #86. Furthermore, it is invalid. maxCollateral represents a maximum amount of collateral a borrower wishes to give, and it is provided by the borrower in the borrow() function. There is no need for it in the increaseCollateralBalance() since in this case the borrower decides for how much collateral he wants to increase his position explicitly by passing the collateralAmt as the function argument.

[sherlock-admin2]

Escalate

This is not a duplciate of #86. Furthermore, it is invalid. maxCollateral represents a maximum amount of collateral a borrower wishes to give, and it is provided by the borrower in the borrow() function. There is no need for it in the increaseCollateralBalance() since in this case the borrower decides for how much collateral he wants to increase his position explicitly by passing the collateralAmt as the function argument.

You've created a valid escalation!

To remove the escalation from consideration: Delete your comment.

You may delete or edit your escalation comment anytime before the 48-hour escalation window closes. After that, the escalation becomes final.

[nevillehuang]

Agree with the above comments. increaseCollateral() does not require an explicit max collateral ratio check, since there is no additional benefits of simply increasing collateral without borrowing.

[Czar102]

Will be accepting the escalation and making this submission invalid.

[Evert0x]

Result:
Invalid
Unique

[sherlock-admin2]

Escalations have been resolved successfully!

Escalation status:

• seeques: accepted