0xrobsol - Interest Calculation Exclusion in Defaulted Loan Liquidation Process

Question

0xrobsol - Interest Calculation Exclusion in Defaulted Loan Liquidation Process

Closed this issue 2 months ago · 0 comments

0xrobsol

medium

Interest Calculation Exclusion in Defaulted Loan Liquidation Process

Summary

The function liquidateDefaultedLoanWithIncentive in the smart contract does not include interest calculations when determining the amount owed on defaulted loans. This could lead to financial losses as lenders may not recover the accrued interest on defaulted loans.

Vulnerability Detail

In the current implementation, the liquidateDefaultedLoanWithIncentive function calls getAmountOwedForBid with the _includeInterest parameter explicitly set to false. This results in the function always returning only the principal amount of the loan, excluding any interest that should have accrued up to the point of default.

Impact

Excluding interest in the debt recovery process of defaulted loans undermines the lender's ability to recoup the full debt owed, which includes both the principal and interest. This not only affects the profitability of lending but also reduces the deterrent effect against defaulting on loans.

Code Snippet

https://github.com/sherlock-audit/2024-04-teller-finance/blob/main/teller-protocol-v2-audit-2024/packages/contracts/contracts/LenderCommitmentForwarder/extensions/LenderCommitmentGroup/LenderCommitmentGroup_Smart.sol#L426

Tool used

Manual Review

Recommendation

To ensure that lenders can recover the full amount owed, including interest, on defaulted loans, the following changes are recommended:

Modify Debt Calculation Logic: Update the liquidateDefaultedLoanWithIncentive function to include interest when calculating the amount owed by setting _includeInterest to true.

Duplicate of #121