This repository has been archived by the owner on Mar 3, 2024. It is now read-only.

Kral01 - [H-01] Malicious lender can set very large interest rates and make the loan unpayable. #100

Closed
sherlock-admin opened this issue Aug 28, 2023 · 0 comments
Labels
Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label Medium A valid Medium severity issue Reward A payout will be made for this issue

Comments

@sherlock-admin
Contributor

sherlock-admin commented Aug 28, 2023

Kral01

high

[H-01] Malicious lender can set very large interest rates and make the loan unpayable.

Summary

Malicious lender can set very large interest rates and make the loan unpayable, leading to the loan getting defaulted and lender getting the collateral.

Vulnerability Detail

In Cooler.sol, the Cooler::provideNewTermsForRoll() function is used by the lender to set new terms for the loan, and Cooler::rollLoan() applies those parameters while updating the loan values. These two functions can be called in succession by a malicious lender to create an attack scenario.

  1. Lender calls provideNewTermsForRoll(), setting the interest very high.
  2. The lender then calls rollLoan() immediately and needs to pay only newCollateral, which in most cases will be zero. The updated interest is calculated as newDebt and added to loan.amount, but it is never withdrawn from msg.sender when calling rollLoan(), so it does not affect the malicious lender.
  3. Now the interest is set very high, the borrower is stuck paying the abnormal amount of interest, and the lender can wait until the loan defaults and take the collateral.

Impact

Loss of collateral for the borrower.

Code Snippet

```solidity
// File: Cooler.sol
function provideNewTermsForRoll( //@audit so lender can greatly increase interest rate and duration?
    uint256 loanID_,
    uint256 interest_,
    uint256 loanToCollateral_,
    uint256 duration_
) external {
    Loan storage loan = loans[loanID_];

    if (msg.sender != loan.lender) revert OnlyApproved();

    loan.request = Request(
        loan.amount,
        interest_,
        loanToCollateral_,
        duration_,
        true
    );
}
```

Cooler::rollLoan()

```solidity
// Excerpt from Cooler::rollLoan()
uint256 newCollateral = newCollateralFor(loanID_); //@audit
uint256 newDebt = interestFor(loan.amount, loan.request.interest, loan.request.duration);

// Update memory accordingly.
loan.amount += newDebt;
loan.collateral += newCollateral;
```

Tool used

Manual Review

Recommendation

There are a few ways to address this issue:

  1. Set a limit for interest rates, MAX_INTEREST_RATE = 'a reasonable rate'.
  2. Make Cooler::rollLoan() only callable by the owner:

```solidity
if (msg.sender != owner()) revert OnlyApproved();
```

  3. Order the statements in a way that makes the lender pay the high interest rate in such a scenario. Make this code:

Cooler::rollLoan()

```solidity
uint256 newCollateral = newCollateralFor(loanID_); //@audit
uint256 newDebt = interestFor(loan.amount, loan.request.interest, loan.request.duration);

// Update memory accordingly.
loan.amount += newDebt;
loan.collateral += newCollateral;
```

In this order:

Cooler::rollLoan()

```solidity
// Update the amount with the new debt
uint256 newDebt = interestFor(loan.amount, loan.request.interest, loan.request.duration);
loan.amount += newDebt;

// Then use the updated amount to calculate newCollateral
uint256 newCollateral = newCollateralFor(loanID_); //@audit
loan.collateral += newCollateral;
```

Duplicate of #26
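The roll accounting described in this finding, as an added Python model (not the Cooler contract's own code): the shapes of interestFor() and newCollateralFor() and the 1e18 scales are assumptions, and `enforce_owner` models recommendation 2 (an owner check in rollLoan). It shows a lender-initiated roll on a 1:1 collateralised 1000-token loan adding 100,000 tokens of debt against zero transferred collateral, and the owner check rejecting the same call.

```python
from collections import namedtuple
from dataclasses import dataclass

YEAR = 365 * 24 * 3600
DECIMALS = 10**18  # assumed: 1e18 scale for rates, ratios and both tokens

# Fields mirror Cooler's Request struct; interest is an annual rate, 1e18 == 100%
Request = namedtuple("Request", "amount interest loan_to_collateral duration active")

@dataclass
class Loan:
    lender: str
    owner: str          # the borrower (the Cooler's owner)
    amount: int
    collateral: int
    request: Request

def interest_for(amount, rate, duration):
    # assumed shape of interestFor(): simple interest pro-rated over one year
    return amount * ((rate * duration) // YEAR) // DECIMALS

def new_collateral_for(loan):
    # assumed shape of newCollateralFor(): top-up needed to reach the requested ratio
    needed = loan.amount * DECIMALS // loan.request.loan_to_collateral
    return needed - loan.collateral if needed > loan.collateral else 0

def provide_new_terms_for_roll(loan, caller, interest, loan_to_collateral, duration):
    if caller != loan.lender:
        raise PermissionError("OnlyApproved")
    loan.request = Request(loan.amount, interest, loan_to_collateral, duration, True)

def roll_loan(loan, caller, enforce_owner):
    if enforce_owner and caller != loan.owner:  # recommendation 2: only the borrower may roll
        raise PermissionError("OnlyApproved")
    if not loan.request.active:
        raise RuntimeError("NotRollable")
    new_collateral = new_collateral_for(loan)  # the only thing the caller pays in
    new_debt = interest_for(loan.amount, loan.request.interest, loan.request.duration)
    loan.amount += new_debt
    loan.collateral += new_collateral
    loan.request = loan.request._replace(active=False)
    return new_debt, new_collateral

def lender_roll_outcome(enforce_owner):
    # Lender sets a 10,000% annual rate on a fully collateralised 1000-token loan and rolls it
    loan = Loan("lender", "borrower", 1000 * DECIMALS, 1000 * DECIMALS,
                Request(1000 * DECIMALS, 5 * DECIMALS // 100, DECIMALS, YEAR, False))
    provide_new_terms_for_roll(loan, "lender", 100 * DECIMALS, DECIMALS, YEAR)
    try:
        return roll_loan(loan, "lender", enforce_owner)  # (new_debt, collateral paid in)
    except PermissionError:
        return None
```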

@github-actions github-actions bot closed this as completed Sep 1, 2023
@github-actions github-actions bot added Medium A valid Medium severity issue Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label labels Sep 1, 2023
@sherlock-admin2 sherlock-admin2 changed the title Wobbly Wooden Sardine - [H-01] Malicious lender can set very large interest rates and make the loan unpayable. Kral01 - [H-01] Malicious lender can set very large interest rates and make the loan unpayable. Sep 12, 2023
@sherlock-admin2 sherlock-admin2 added the Reward A payout will be made for this issue label Sep 12, 2023