[Lines of code](https://github.com/debtdao/Line-of-Credit/blob/audit/code4rena-2022-11-03/contracts/utils/EscrowLib.sol#L34-L44) # Vulnerability details ## Impact The decimals returned by the Chainlink oracles are assumed to be 8 throughout this protocol. However, there are legitimate token / USD pairs that have the corresponding Chainlink oracles to return more than 8 decimals; for example, the AMPL / USD pair's Chainlink oracle returns 18 decimals as shown in . For such tokens, the calculated principal and interest values in USD would be inflated when calling the LineOfCredit.updateOutstandingDebt function; similarly, the calculated collateral values would also be inflated when calling the EscrowLib._getCollateralValue function. This means that the collateral ratios for such tokens calculated by calling the EscrowLib._getLatestCollateralRatio function can be incorrect. For example, the arbiter, who believes that this protocol can support all legitimate Chainlink token / USD pairs, can enable AMPL as a collateral. Then, given that the lender agrees to lend a token to the borrower in which the Chainlink oracle returns 8 decimals for this token's USD pair, the borrower is able to borrow an amount of this token that is worth a large amount in USD while only depositing an amount of AMPL as collateral that is worth a small amount in USD because the calculated collateral ratio is inflated incorrectly. Since the borrower's collateral is worth much less than the debt in USD, the borrower will not repay the debt, and the lender will lose the lent token amount that is worth a lot in USD. function _getLatestCollateralRatio(EscrowState storage self, address oracle) public returns (uint256) { (uint256 principal, uint256 interest) = ILineOfCredit(self.line).updateOutstandingDebt(); uint256 debtValue = principal + interest; uint256 collateralValue = _getCollateralValue(self, oracle); if (debtValue == 0) return MAX_INT; if (collateralValue == 0) return 0; uint256 _numerator = collateralValue * 10**5; // scale to 4 decimals return ((_numerator / debtValue) + 5) / 10; } function _getCollateralValue(EscrowState storage self, address oracle) public returns (uint256) { uint256 collateralValue; // gas savings uint256 length = self.collateralTokens.length; IOracle o = IOracle(oracle); IEscrow.Deposit memory d; for (uint256 i; i < length; ++i) { address token = self.collateralTokens[i]; d = self.deposited[token]; // new var so we don't override original deposit amount for 4626 tokens uint256 deposit = d.amount; if (deposit != 0) { if (d.isERC4626) { // this conversion could shift, hence it is best to get it each time (bool success, bytes memory assetAmount) = token.call( abi.encodeWithSignature( "previewRedeem(uint256)", deposit ) ); if (!success) continue; deposit = abi.decode(assetAmount, (uint256)); } collateralValue += CreditLib.calculateValue( o.getLatestAnswer(d.asset), deposit, d.assetDecimals ); } } return collateralValue; } function updateOutstandingDebt() external override returns (uint256, uint256) { return _updateOutstandingDebt(); } function _updateOutstandingDebt() internal returns (uint256 principal, uint256 interest) { // use full length not count because positions might not be packed in order uint256 len = ids.length; if (len == 0) return (0, 0); bytes32 id; address oracle_ = address(oracle); // gas savings address interestRate_ = address(interestRate); // gas savings for (uint256 i; i < len; ++i) { id = ids[i]; // null element in array from closing a position. skip for gas savings if(id == bytes32(0)) { continue; } (Credit memory c, uint256 _p, uint256 _i) = CreditLib.getOutstandingDebt( credits[id], id, oracle_, interestRate_ ); // update total outstanding debt principal += _p; interest += _i; // save changes to storage credits[id] = c; } } function getOutstandingDebt( ILineOfCredit.Credit memory credit, bytes32 id, address oracle, address interestRate ) external returns (ILineOfCredit.Credit memory c, uint256 principal, uint256 interest) { c = accrue(credit, id, interestRate); int256 price = IOracle(oracle).getLatestAnswer(c.token); principal = calculateValue( price, c.principal, c.decimals ); interest = calculateValue( price, c.interestAccrued, c.decimals ); return (c, principal, interest); } function calculateValue( int price, uint256 amount, uint8 decimals ) public pure returns(uint256) { return price <= 0 ? 0 : (amount * uint(price)) / (1 * 10 ** decimals); } ## Proof of Concept Please add the following test in contracts\tests\SecuredLine.t.sol. This test will pass to demonstrate the described scenario. function test_borrowWhenOracleReturnsCollateralTokenIn18DecimalsAndDebtTokenIn8Decimals() public { // Simulate a situation where the supportedToken2's price returned by the oracle is 1 * 1e18, which has 18 decimals. // Note that borrower has added 1 ether supportedToken2 as collateral in the setUp function; // in this case, borrower's supportedToken2 collateral is worth 1 USD. oracle.changePrice(address(supportedToken2), 1 * 1e18); // lender will lend up to 100 ether supportedToken1. // Since supportedToken1's price returned by the oracle is 1000 * 1e8, which has 8 decimals, // 100 ether supportedToken1 is worth 100 * 1000 USD. _addCredit(address(supportedToken1), 100 ether); bytes32 id = line.ids(0); uint256 supportedToken1BalanceBeforeBorrower = supportedToken1.balanceOf(borrower); // Although borrower's supportedToken2 collateral is only worth 1 USD, // calling the borrow function to borrow all of the 100 ether supportedToken1, which is worth 100 * 1000 USD, does not revert. hoax(borrower); line.borrow(id, 100 ether); // As a result, borrower is able to borrow 100 ether supportedToken1, which is worth 100 * 1000 USD, // while having only 1 ether supportedToken2, which is worth 1 USD, as collateral (uint256 principal,) = line.updateOutstandingDebt(); assertEq(principal, 100 ether * 1000 * 1e8 / 10**18); assertEq(supportedToken1.balanceOf(borrower) - supportedToken1BalanceBeforeBorrower, 100 ether); assertEq(supportedToken2.balanceOf(address(escrow)), 1 ether); } ## Tools Used VSCode ## Recommended Mitigation Steps The token price returned by the Chainlink oracle can be further normalized to always have the same number of decimals that are specified and used for all tokens without causing any precision loss. This normalized token price can then be used for calculating the principle, interest, and collateral values in USD. --- The text was updated successfully, but these errors were encountered: All reactions