Skip to content
This repository has been archived by the owner on Mar 3, 2024. It is now read-only.

banditx0x - RollLoan can be called on someone else's loan giving them worse conditions or defaulting them in 1 block #20

Closed
sherlock-admin opened this issue Aug 28, 2023 · 0 comments
Closed

banditx0x - RollLoan can be called on someone else's loan giving them worse conditions or defaulting them in 1 block #20

sherlock-admin opened this issue Aug 28, 2023 · 0 comments
Labels
Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label Medium A valid Medium severity issue Reward A payout will be made for this issue

Comments

@sherlock-admin
Copy link
Contributor

sherlock-admin commented Aug 28, 2023
edited by sherlock-admin2
Loading

banditx0x

high

RollLoan can be called on someone else's loan giving them worse conditions or defaulting them in 1 block

Summary

rollLoan can be called by any user even if they are not the borrower. A lender could set unfavorable loan conditions and then force the borrower to take them by calling rollLoan().

Vulnerability Detail

  • rollLoan can be called by any user
  • Lender could set the duration by calling function provideNewTermsForRoll(uint256 loanID_uint256 interest_uint256, , loanToCollateral_, 1)
  • In the above call, _duration is set to 1, meaning the loan will be almost immediately default if accepted. They can also change the loanToCollateral and interest.
  • Lender calls rollLoan. Since the collateral does not increase, this is free.
  • Lender gets to default the loan and take the collateral.

Impact

  • Roll loaner can be called on borrower without consent
  • Lender can force loaner to accept unfair loan terms
  • Lender can cause 1 second default of loan to gain unfair profit.

Code Snippet

https://github.com/sherlock-audit/2023-08-cooler/blob/main/Cooler/src/Cooler.sol#L192C25-L217

Tool used

Manual Review

Recommendation

Add a borrower to the loan struct and then check that loan.borrower = msg.sender

Duplicate of #26
@github-actions github-actions bot closed this as completed Sep 1, 2023
@github-actions github-actions bot added Medium A valid Medium severity issue Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label labels Sep 1, 2023
@sherlock-admin2 sherlock-admin2 changed the title Steep Bamboo Elk - RollLoan can be called on someone else's loan giving them worse conditions or defaulting them in 1 block banditx0x - RollLoan can be called on someone else's loan giving them worse conditions or defaulting them in 1 block Sep 12, 2023
@sherlock-admin2 sherlock-admin2 added the Reward A payout will be made for this issue label Sep 12, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label Medium A valid Medium severity issue Reward A payout will be made for this issue
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sherlock-admin @sherlock-admin2