This repository has been archived by the owner on Mar 3, 2024. It is now read-only.

evilakela - rollLoan can be front-run by lender to set arbitrary terms #150

Closed
sherlock-admin opened this issue Aug 28, 2023 · 0 comments
Labels
Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label Medium A valid Medium severity issue Reward A payout will be made for this issue

Comments


sherlock-admin commented Aug 28, 2023

evilakela

high

rollLoan can be front-run by lender to set arbitrary terms

Summary

Lender can front-run rollLoan called by borrower with provideNewTermsForRoll and change the loan terms.

Vulnerability Detail

Basically the same scenario as in my other finding, "Lender can roll loan with arbitrary terms", but not because rollLoan is permissionless.

Attack path

  1. The lender provides good new terms.
  2. The borrower sees them and decides to roll the loan; he sends a tx.
  3. The lender sees it and calls provideNewTermsForRoll with a higher gas fee.
  4. If the lender's tx is executed first, the borrower will roll the loan with the new terms, not the ones he expected.

Impact

Lender can arbitrarily increase the loan debt. Borrower loses collateral if he doesn't repay.

Code Snippet

https://github.com/sherlock-audit/2023-08-cooler/blob/main/Cooler/src/Cooler.sol#L192-L217

Tool used

Manual Review

Recommendation

Allow the borrower to directly provide the new loan terms, rollLoan(interest, LTC, duration), and then check that they match the loan.request set by the lender.

Duplicate of #243

@github-actions github-actions bot closed this as completed Sep 1, 2023
@github-actions github-actions bot added Medium A valid Medium severity issue Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label labels Sep 1, 2023
@sherlock-admin2 sherlock-admin2 changed the title Innocent Lilac Cyborg - rollLoan can be frontrunned by lender to set arbitrary terms evilakela - rollLoan can be frontrunned by lender to set arbitrary terms Sep 12, 2023
@sherlock-admin2 sherlock-admin2 added the Reward A payout will be made for this issue label Sep 12, 2023
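The pattern the report describes and the mitigation it recommends, as an added illustrative sketch that is not Cooler's code: the struct layout, field names and `_applyRoll` body are assumptions, and only the check that the borrower's expected terms match the stored request is the point.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Illustrative sketch (added example, not the audited Cooler contract).
// Struct and field names are assumptions chosen to mirror the issue text.
contract RollTermsSketch {
    struct Request { uint256 interest; uint256 loanToCollateral; uint256 duration; bool active; }
    struct Loan { address lender; address borrower; Request request; uint256 expiry; }

    mapping(uint256 => Loan) public loans;

    // Lender proposes terms for a roll (the page's provideNewTermsForRoll).
    // Nothing stops the lender from calling this again right before the borrower's roll lands.
    function provideNewTermsForRoll(uint256 loanID, uint256 interest, uint256 ltc, uint256 duration) external {
        Loan storage loan = loans[loanID];
        require(msg.sender == loan.lender, "not lender");
        loan.request = Request(interest, ltc, duration, true);
    }

    // Vulnerable shape: the borrower accepts whatever request is in storage when the tx executes,
    // so a lender transaction ordered first silently changes what is accepted.
    function rollLoanUnsafe(uint256 loanID) external {
        Loan storage loan = loans[loanID];
        require(msg.sender == loan.borrower, "not borrower");
        require(loan.request.active, "no roll terms");
        _applyRoll(loan);
    }

    // Hardened shape (the issue's recommendation): the borrower passes the terms they saw,
    // and the call reverts if the stored request no longer matches them.
    function rollLoan(uint256 loanID, uint256 interest, uint256 ltc, uint256 duration) external {
        Loan storage loan = loans[loanID];
        require(msg.sender == loan.borrower, "not borrower");
        Request memory r = loan.request;
        require(r.active, "no roll terms");
        require(
            r.interest == interest && r.loanToCollateral == ltc && r.duration == duration,
            "terms changed"
        );
        _applyRoll(loan);
    }

    // Placeholder for the actual roll bookkeeping (assumed; debt and collateral updates omitted).
    function _applyRoll(Loan storage loan) internal {
        loan.expiry = block.timestamp + loan.request.duration;
        loan.request.active = false;
    }
}
```

With the hardened `rollLoan`, a lender replacing the request between the borrower's signing and execution makes the borrower's transaction revert instead of committing them to terms they never saw.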