#36034 [SC-Medium] truncation in the `present_value_borrow()` can lead to loss of accrued borrow int

Submitted on Oct 16th 2024 at 12:33:35 UTC by @SeveritySquad for IOP | Swaylend

• Report ID: #36034

• Report Type: Smart Contract

• Report severity: Medium

• Target: https://github.com/Swaylend/swaylend-monorepo/blob/9132747331188b86dd8cbf9a1ca37b811d08dddb/contracts/market/src/main.sw?utm_source=immunefi

• Impacts:

Description

Brief/Intro

The Market calculates the present borrow balance of an account via the

• `present_value_borrow()` It multiplies the principal by the `borrow_index` and then divides by the base scale.

• ` principal * base_borrow_index / BASE_INDEX_SCALE_15` ```rust pub fn present_value_borrow(base_borrow_index: u256, principal: u256) -> u256 { principal * base_borrow_index / BASE_INDEX_SCALE_15 } ```

The present value is the principal scaled by the ratio of the borrow indices (which track the accumulative effect of per-block interest changes):

The issue is that the calculation doesn't round in favor of the protocol but in favor of the users unlike the `principal_value_borrow()`, this rounding permits that when the principal and ratio of borrow indices are both small, the resulting value can be equal to the principal due to the automatic truncation of division within sway.

This means that a loan could accrue no actual interest for some time when it is supposed to, allowing the protocol to lose yield for the period before it becomes bigger to account for the interest.

Impact Details

An attacker can take small amounts(`min_borrow`) of borrows and take the cumulated amounts and supply in the market to later gain interest from this rounding issue.

Mitigation

Round up the present value to account for the interests lost

POC

was deemed as optional for this report

Proof of Concept

Proof of Concept