Skip to content

Latest commit

 

History

History
98 lines (66 loc) · 2.91 KB

096.md

File metadata and controls

98 lines (66 loc) · 2.91 KB

Fast Cerulean Armadillo

Medium

lastCumulativeRate Not Updated at start in Deposit and Withdraw Functions

Summary

The functions depositTokens and withDraw in borrowing contract fail to update the lastCumulativeRate at the beginning of execution, causing inaccurate debt calculations. This allows users to deposit or withdraw funds using outdated cumulative rates, leading to discrepancies.

Root Cause

Deposit Function Issue: When a user deposits funds, the lastCumulativeRate is not updated before calculating the normalizedAmount. This causes the deposit to be processed with an outdated cumulative rate with lower amount. This would result user paying more debt than expected.

 function depositTokens(
        BorrowDepositParams memory depositParam )  {
        //

        totalNormalizedAmount = BorrowLib.deposit(
            BorrowLibDeposit_Params(
                LTV,
                APR,
                lastCumulativeRate,
                totalNormalizedAmount,
                exchangeRate,
                ethPrice,
                lastEthprice
            ),
            depositParam,
            Interfaces(treasury, globalVariables, usda, abond, cds, options),
            assetAddress
        );

        /@audit lastCumulativeRate is only updated at the end 
        calculateCumulativeRate();
//
}

 function deposit(
        IBorrowing.BorrowLibDeposit_Params memory libParams,
        IBorrowing.BorrowDepositParams memory params,
        IBorrowing.Interfaces memory interfaces,
        mapping(IBorrowing.AssetName => address assetAddress) storage assetAddress
    ) public returns (uint256) {
//

        // Calculate normalizedAmount
        uint256 normalizedAmount = calculateNormAmount(tokensToMint, libParams.lastCumulativeRate);

//
}

https://github.com/sherlock-audit/2024-11-autonomint/blob/0d324e04d4c0ca306e1ae4d4c65f0cb9d681751b/Blockchain/Blockchian/contracts/lib/BorrowLib.sol#L750

Withdraw Function Issue: During withdrawal, the lastCumulativeRate is also not updated before calculating the debt, causing the system to underestimate the debt, enabling users to pay less debt.

            uint256 borrowerDebt = calculateDebtAmount(depositDetail.normalizedAmount, params.lastCumulativeRate);

    function calculateDebtAmount(
        uint256 amount,
        uint256 cumulativeRate
    ) public pure returns (uint256) {
        return (amount * cumulativeRate) / RATE_PRECISION;
    }

Internal pre-conditions

No response

External pre-conditions

No response

Attack Path

  1. A user initiates withdrawal with an outdated lastCumulativeRate.
  2. The debt amount is calculated as lower than expected.
  3. The user pay less than they are entitled to.

Impact

User pay more debt when they deposit and pay lower debt when they withdraw

PoC

No response

Mitigation

Update lastCumulativeRate at the beginning of depositTokens and withDraw functions.