Assessment reportsPublic findings
Back to Zellic siteBack
Assessment reports>Avon>Informational findings>Handling of the ,flatMatchingFee, in the function ,previewBorrow
GeneralOverview
Findings
Medium (4)
Low (5)
Informational (3)Function _previewAccrueInterest and function _accrueInterest calculate the fee shares in different waysHandling of the flatMatchingFee in the function previewBorrowInconsistency between the function getPosition and function _isPositionSafe in calculating borrowed assets
DiscussionLiquidity sufficiency check in the function _flashLoanInconsistency between comments and implementationOracle token decimal variance
Threat ModelComponent: Borrowing (market + limit matching via Orderbook → Pool borrow)Component: Lending (pools providing liquidity via Orderbook → Borrowers)
Audit ResultsAssessment Results
Category: Business Logic

Handling of the flatMatchingFee in the function previewBorrow

Informational Impact
Informational Severity
N/A Likelihood

Description

The function previewBorrow can simulate the execution of a market borrow order or a limit borrow order and return the simulated result. When previewBorrowParams.isCollateral is true, it simulates and returns the amount of loan tokens (loanTokenAmount) obtainable by borrowing with an exact amount of collateral tokens. Otherwise, it returns the amount of collateral tokens required (collateralRequired) to borrow a specified amount of loan tokens.

Although the function previewBorrow adds the flatMatchingFee to the collateralRequired when isCollateral is true, it's intuitive to consider that this function returns the amount of loan tokens that can be borrowed with the exact amount of collateral tokens. This is because it returns the amount of collateral tokens required (including the flatMatchingFee) with the given amount of loan tokens when isCollateral is false.

function previewBorrow(PreviewBorrowParams memory previewBorrowParams)
    external
    view
    returns (
        PreviewMatchedOrder memory previewMatchedOrders,
        uint256 loanTokenAmount,
        uint256 collateralRequired,
        uint256 amountLeft
    )
{
    // [...]
    previewMatchedOrders = previewBorrowParams.isCollateral
        ? lenderTree._previewMatchBorrowWithExactCollateral(
            previewBorrowParams.borrower,
            previewBorrowParams.rate,
            previewBorrowParams.ltv,
            previewBorrowParams.amount,
            previewBorrowParams.collateralBuffer
        )
        : lenderTree._previewMatchBorrow(previewBorrowParams.rate, previewBorrowParams.ltv, previewBorrowParams.amount);
    if ((previewBorrowParams.amount - previewMatchedOrders.totalMatched) > 0) {
        amountLeft = previewBorrowParams.amount - previewMatchedOrders.totalMatched;
    }
    if (previewMatchedOrders.totalMatched > 0) {
        uint256 matchedOrderCount = previewMatchedOrders.totalCount;
        for (uint256 i; i < matchedOrderCount; i++) {
            previewBorrowParams.isCollateral
                ? loanTokenAmount += previewMatchedOrders.amounts[i]
                : collateralRequired += IPoolImplementation(previewMatchedOrders.counterParty[i]).previewBorrow(
                    previewBorrowParams.borrower, previewMatchedOrders.amounts[i], previewBorrowParams.collateralBuffer
                );
        }
        if (flatMatchingFee > 0) {
            collateralRequired += flatMatchingFee;
        }
    }
}

Impact

If the user does not pay attention to the value of returned collateralRequired, the order match may fail during actual execution due to insufficient collateral tokens provided.

Recommendations

Consider deducting the flatMatchingFee from the previewBorrowParams.amount when calling the function _previewMatchBorrowWithExactCollateral.

Remediation

This issue has been acknowledged by AVON TECH LTD, and a fix was implemented in commit a0d3d128.

Zellic © 2025Back to top ↑