onthehunt - Calculation of leverage ratio is not as intended

[sherlock-admin2]

onthehunt

Medium

Calculation of leverage ratio is not as intended

Summary

The struct MethodologySettings has a field called recenteringSpeed which states that it is used as a value to go back to the targetLeverageRatio and it is used in _calculateNewLeverageRatio().

The issue stems from that the calculation doesn't make the _currentLeverageRatio go to the targetLeverageRatio,
just as a percentage of recenteringSpeed

Root Cause

The problem stems from the following:
Let's say we have a minLeverageRatio of 2, maxLeverageRatio of 3, targetLeverageRatio of 2.5,
_currentLeverageRatio of 2.25 and recenteringSpeed being equal to a value corresponding to 15%.

(I will use floating numbers for simplicity, we all know Solidity works with whole numbers only)

a will be -> 2.5 * 1.15 = 2.875
b will be -> 0.85 * 2.25 = 1.9125
c will be -> a + b = 4.7875
d will take the minimum value between c and maxLeverageRatio, which will be later in our example -> 3
and the return statement will take the max value between minLeverageRatio and d which will be again the latter of -> 3

We started with a _currentLeverageRatio of 2.25 and right now we are at maxLeverageRatio of 3 after the calculation which is against the specified comment and is a lot more volatile than anticipated, given the 15% of recenteringSpeed.

Internal pre-conditions

No response

External pre-conditions

No response

Attack Path

1. Keeper bot sees that it can call rebalance() and calls it
2. Inside it, we execute _calculateNewLeverageRatio() to calculate the new leverage ratio
3. The calculation is a lot more volatile than expected and results in unexpected behaviour

Impact

The impact is an incorrect leverage calculation, resulting in a potentially lost funds

PoC

No response

Mitigation

Rewrite the _calculateNewLeverageRatio() with a logic changing the _currentLeverageRatio correctly given the recenteringSpeed, so it works as expected