This repository has been archived by the owner on Mar 3, 2024. It is now read-only.

ubl4nk - rollLoan is vulnerable to front-running #16

Closed
sherlock-admin opened this issue Aug 28, 2023 · 0 comments
Labels
  • Duplicate: A valid issue that is a duplicate of an issue with `Has Duplicates` label
  • Medium: A valid Medium severity issue
  • Reward: A payout will be made for this issue

Comments

sherlock-admin commented Aug 28, 2023

ubl4nk

high

rollLoan is vulnerable to front-running

Summary

A malicious lender is able to front-run rollLoan and increase the debt amount.

Vulnerability Detail

  • Lender provides new terms for rolling over the loan.
  • Borrower accepts and calls rollLoan.
  • Lender front-runs the borrower's transaction and calls provideNewTermsForRoll with new terms (for example, he sets a higher number for interest, which leads to a higher debt amount for the borrower).

Impact

The borrower may pay more collateral and repay as much as the lender asks.

Code Snippet

https://github.com/sherlock-audit/2023-08-cooler/blob/6d34cd12a2a15d2c92307d44782d6eae1474ab25/Cooler/src/Cooler.sol#L282-L300
https://github.com/sherlock-audit/2023-08-cooler/blob/6d34cd12a2a15d2c92307d44782d6eae1474ab25/Cooler/src/Cooler.sol#L192-L217

Tool used

Manual Review

Recommendation

Duplicate of #243

@github-actions github-actions bot closed this as completed Sep 1, 2023
@github-actions github-actions bot added Medium A valid Medium severity issue Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label labels Sep 1, 2023
@sherlock-admin2 sherlock-admin2 changed the title Urban Admiral Haddock - rollLoan is vulnerable to front-running ubl4nk - rollLoan is vulnerable to front-running Sep 12, 2023
@sherlock-admin2 sherlock-admin2 added the Reward A payout will be made for this issue label Sep 12, 2023
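
The ordering problem from the Vulnerability Detail section, next to one common mitigation in which the borrower commits to the terms they accepted. This is an added example, not part of the original issue and not the Cooler code. The contract `RollModel`, the functions `rollLoanUnchecked`, `rollLoanChecked` and `termsHash`, the `Terms` fields and the interest formula are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.15;

// Simplified single-loan model, NOT the Cooler source. Only provideNewTermsForRoll
// and the idea of rollLoan come from the report; all other names are hypothetical.
contract RollModel {
    struct Terms { uint256 interest; uint256 duration; } // interest: 1e18 = 100%
    address public immutable lender;
    address public immutable borrower;
    uint256 public debt;
    uint256 public expiry;
    Terms public offered;
    error Unauthorized();
    error TermsChanged();

    constructor(address lender_, address borrower_, uint256 debt_) {
        lender = lender_;
        borrower = borrower_;
        debt = debt_;
    }

    // The lender can overwrite the offer at any time, even while a roll is pending.
    function provideNewTermsForRoll(uint256 interest, uint256 duration) external {
        if (msg.sender != lender) revert Unauthorized();
        offered = Terms(interest, duration);
    }

    // Commitment the borrower reads off-chain when accepting the offer.
    function termsHash() public view returns (bytes32) {
        return keccak256(abi.encode(offered.interest, offered.duration));
    }

    // Pattern from the report: applies whatever terms are in storage at execution.
    function rollLoanUnchecked() external {
        if (msg.sender != borrower) revert Unauthorized();
        _roll();
    }

    // Hardened: reverts if the offer changed after the borrower accepted it.
    function rollLoanChecked(bytes32 acceptedTermsHash) external {
        if (msg.sender != borrower) revert Unauthorized();
        if (termsHash() != acceptedTermsHash) revert TermsChanged();
        _roll();
    }
    function _roll() private {
        debt += (debt * offered.interest) / 1e18; // simplified interest formula
        expiry = block.timestamp + offered.duration;
    }
}
```

With `rollLoanChecked`, a lender transaction that lands first changes `termsHash()`, so the borrower's call reverts with `TermsChanged` instead of rolling at the new interest.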