Skip to content

Latest commit

 

History

History
58 lines (40 loc) · 2.73 KB

088.md

File metadata and controls

58 lines (40 loc) · 2.73 KB

Obedient Lava Monkey

Medium

Missing isolation mode exposure check in validateBorrow allows users to breach collateral debt ceilings in isolation mode

Summary

The isolation mode exposure validation in validateBorrow does not correctly ensure that the total debt exposure in isolation mode stays within the reserve's configured debt ceiling. This allows users to borrow beyond the allowed limits, breaking isolation mode guarantees and risking protocol insolvency.

Root Cause

In ValidationLogic.sol, the isolation mode validation relies on the following check:

      require(
        reservesData[params.isolationModeCollateralAddress].isolationModeTotalDebt +
          (params.amount /
            10 ** (vars.reserveDecimals - ReserveConfiguration.DEBT_CEILING_DECIMALS))
            .toUint128() <=
          params.isolationModeDebtCeiling,
        Errors.DEBT_CEILING_EXCEEDED
      );

This calculation assumes that the new debt exposure added by the borrow is correctly scaled, but it does not account for rounding errors or situations where reserveDecimals differ across assets, leading to potential breaches of the debt ceiling.

If reserveDecimals = 18 and DEBT_CEILING_DECIMALS = 6, the scaling factor is 10^(18 - 6) = 10^12. Small amounts of debt (e.g., 10^11) will scale down to 0, allowing these amounts to bypass debt ceiling enforcement entirely.

Internal Pre-conditions

  1. A reserve is set to isolation mode with a specific debt ceiling.
  2. A user borrows an amount close to the ceiling, and rounding differences in the calculation bypass the ceiling enforcement.

External Pre-conditions

  1. Asset prices from the oracle must provide valid values.
  2. The reserve has varying decimal configurations compared to the collateral asset.

Attack Path

  1. A user borrows an amount that, when scaled using reserveDecimals, incorrectly bypasses the debt ceiling due to rounding differences.
  2. The protocol allows the borrow, resulting in a breach of the isolation mode's debt ceiling.
  3. The reserve accumulates excessive exposure, breaking isolation guarantees and exposing the protocol to potential insolvency.

Impact

The protocol's isolation mode becomes ineffective, increasing systemic risk and insolvency potential. Users relying on isolation mode safeguards may face cascading liquidations if reserves exceed their limits.

Mitigation

Use a more precise scaling mechanism for debt ceiling enforcement to eliminate rounding risks.