Round Denim Urchin
High
The collateralization ratio check when accept/match proposals is inefficient and lender may suffer a loss due to CTF token price fluctuation.
When proposals are accepted or matched, there is a check to ensure collateralization ratio must be at least 100%, however, it only checks the collateral amount against loan amount, not check the price, hence the collateral price value can be less than the loan value.
PredictDotLoan.sol#L1234-L1241:
function _assertCollateralizationRatioAtLeastOneHundredPercent(
uint256 collateralAmount,
uint256 loanAmount
) private pure {
if (collateralAmount < loanAmount) {
revert CollateralizationRatioTooLow();
}
}Assuming the collateral (CTF token) market price is 0.6u, lender creates a loan offer proposal and sets loanAmount to 1000 and collateralAmount to 2000, hence collateralization amount ratio is 200% and value ratio is 120%.
In prediction market, the conditional token price can be easily influenced by accidental events, and the price of the collateral in the proposal can drops from 0.6u to 0.4u in a few minutes. Now the collateralization value is 800u and is less than the loan value.
Before the lender can cancel the proposal, the attacker can front-run (in Polygon) to accept the loan offer, receives 1000u loan token but only pays 800u collateral.
The lender suffers a loss of 200u and the attacker gains the profit.
No response
Currently there isn't a very secure way to get reliable share prices on-chain, so it is recommended to implement a TWAP mechanism in CTF Exchange and use the TWAP price to provide better slippage protection when proposal are accepted/matched.