Hard Audit: don't let users borrow from reserves (#827)

* don't borrow from reserves * use safesub and throw error
2024-12-26 08:15:19 +00:00 · 2021-02-16 15:45:57 +01:00 · 2021-02-16 15:45:57 +01:00 · 53eab47c07
commit 53eab47c07
parent 58573e7b26
4 changed files with 67 additions and 47 deletions
--- a/x/hard/alias.go
+++ b/x/hard/alias.go
@ -97,6 +97,7 @@ var (
 	ErrAccountNotFound                  = types.ErrAccountNotFound
 	ErrBorrowEmptyCoins                 = types.ErrBorrowEmptyCoins
 	ErrBorrowExceedsAvailableBalance    = types.ErrBorrowExceedsAvailableBalance
 	ErrExceedsProtocolBorrowableBalance = types.ErrExceedsProtocolBorrowableBalance
 	ErrBorrowNotFound                   = types.ErrBorrowNotFound
 	ErrBorrowNotLiquidatable            = types.ErrBorrowNotLiquidatable
 	ErrBorrowedCoinsNotFound            = types.ErrBorrowedCoinsNotFound
@ -121,6 +122,7 @@ var (
 	ErrPreviousAccrualTimeNotFound      = types.ErrPreviousAccrualTimeNotFound
 	ErrPriceNotFound                    = types.ErrPriceNotFound
 	ErrSuppliedCoinsNotFound            = types.ErrSuppliedCoinsNotFound
 	ErrReservesExceedCash               = types.ErrReservesExceedCash
 	GovDenom                            = types.GovDenom
 	KeyMoneyMarkets                     = types.KeyMoneyMarkets
 	ModuleCdc                           = types.ModuleCdc
--- a/x/hard/keeper/borrow.go
+++ b/x/hard/keeper/borrow.go
@ -116,6 +116,20 @@ func (k Keeper) ValidateBorrow(ctx sdk.Context, borrower sdk.AccAddress, amount
 		return types.ErrBorrowEmptyCoins
 	}
 	// The reserve coins aren't available for users to borrow
 	hardMaccCoins := k.supplyKeeper.GetModuleAccount(ctx, types.ModuleName).GetCoins()
 	reserveCoins, foundReserveCoins := k.GetTotalReserves(ctx)
 	if !foundReserveCoins {
 		reserveCoins = sdk.NewCoins()
 	}
 	fundsAvailableToBorrow, isNegative := hardMaccCoins.SafeSub(reserveCoins)
 	if isNegative {
 		return sdkerrors.Wrapf(types.ErrReservesExceedCash, "reserves %s > cash %s", reserveCoins, hardMaccCoins)
 	}
 	if amount.IsAnyGT(fundsAvailableToBorrow) {
 		return sdkerrors.Wrapf(types.ErrExceedsProtocolBorrowableBalance, "requested borrow %s > available to borrow %s", amount, fundsAvailableToBorrow)
 	}
 	// Get the proposed borrow USD value
 	moneyMarketCache := map[string]types.MoneyMarket{}
 	proprosedBorrowUSDValue := sdk.ZeroDec()
--- a/x/hard/keeper/borrow_test.go
+++ b/x/hard/keeper/borrow_test.go
@ -220,7 +220,7 @@ func (suite *KeeperTestSuite) TestBorrow() {
 			},
 			errArgs{
 				expectPass: false,
-				contains:   "exceeds module account balance:",
+				contains:   "exceeds borrowable module account balance",
 			},
 		},
 		{
--- a/x/hard/types/errors.go
+++ b/x/hard/types/errors.go
@ -65,4 +65,8 @@ var (
 	ErrInvalidIndexFactorDenom = sdkerrors.Register(ModuleName, 29, "no index factor found for denom")
 	// ErrBelowMinimumBorrowValue error for when a proposed borrow position is less than the minimum USD value
 	ErrBelowMinimumBorrowValue = sdkerrors.Register(ModuleName, 30, "invalid proposed borrow value")
 	// ErrExceedsProtocolBorrowableBalance for when a requested borrow exceeds the module account's borrowable balance
 	ErrExceedsProtocolBorrowableBalance = sdkerrors.Register(ModuleName, 31, "exceeds borrowable module account balance")
 	// ErrReservesExceedCash for when the protocol is insolvent because available reserves exceeds available cash
 	ErrReservesExceedCash = sdkerrors.Register(ModuleName, 32, "insolvency - protocol reserves exceed available cash")
 )