Skip to content

Prevent bypassing debt ceiling in isolation mode #35

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Jul 24, 2025
Merged

Prevent bypassing debt ceiling in isolation mode #35

merged 4 commits into from
Jul 24, 2025

Conversation

@matchv
Copy link
Collaborator

@matchv matchv commented Jul 22, 2025

The issue:

The current debt_ceiling will truncate (asset_decimal - 2) digit when incrementing, it means if the borrow asset is 6 decimals, debt_ceiling will only increment to the precision of 1 cent (10^4).

A user who micro borrows slightly than 1 cent (9,999 unir) each time, for as many times as possible, will bypass the debt ceiling each and every time, which break the protocol integrity.

//validation_logic.move
let isolation_mode_total_debt =
    pool::get_reserve_isolation_mode_total_debt(mode_collateral_reserve_data) as u256;
let total_debt =
    isolation_mode_total_debt
      + (amount
         / math_utils::pow(
             10,
             (reserve_decimals
                - reserve_config::get_debt_ceiling_decimals())
         )
        );
assert!( total_debt <= isolation_mode_debt_ceiling, … );

The fix:

Add ceil_div() in math library
Use ceil_div() to replace simple division in borrow logic, isolation mode, validation logic etc.
Add more test cases

matchv added 3 commits July 22, 2025 10:10
@matchv
feat(aave-math): add ceil_div function and improve isolation mode deb…
e0d0d7c 
…t calculation precision

- Add ceil_div function to math_utils for accurate ceiling division
- Replace simple division with ceil_div in isolation mode debt calculations
- Improve precision handling in borrow_logic, isolation_mode_logic, and validation_logic
- Fix potential precision loss in debt ceiling calculations
@matchv
test(aave-math): add comprehensive tests for ceil_div function
53f7628 
- Add test cases for basic ceiling division scenarios
- Add edge case tests for zero numerator and division by zero
- Add large number tests to verify precision handling
- Ensure proper error handling for division by zero
@matchv
test(borrow_logic): refactor and improve isolation mode tests
ff08eab 
- Refactor test_repay_with_isolation_mode test for better clarity
- Improve test coverage for isolation mode debt ceiling scenarios
- Add comprehensive test cases for precision handling
- Ensure tests properly validate ceil_div integration
@matchv matchv requested review from meng-xu-cs and mpsc0x as code owners July 22, 2025 03:46
@codecov
Copy link

codecov bot commented Jul 22, 2025
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 96.89%. Comparing base (566c23b) to head (d4732d0).
Report is 1 commits behind head on main.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main      #35      +/-   ##
==========================================
- Coverage   97.08%   96.89%   -0.19%     
==========================================
  Files          16       16              
  Lines         514      515       +1     
==========================================
  Hits          499      499              
- Misses         15       16       +1
Flag Coverage Δ
move 96.89% <ø> (-0.19%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

mpsc0x
mpsc0x approved these changes Jul 22, 2025
View reviewed changes
Copy link
Collaborator

@mpsc0x mpsc0x left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I agree with the implementation and the reasoning behind it. LGTM

@mpsc0x mpsc0x merged commit 0beb083 into main Jul 24, 2025
11 of 12 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@meng-xu-cs meng-xu-cs meng-xu-cs approved these changes

@mpsc0x mpsc0x mpsc0x approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@matchv @meng-xu-cs @mpsc0x