deadrxsezzz - Lender can front-run rollLoan and call provideNewTermsForRoll with unfavorable terms

[sherlock-admin2]

deadrxsezzz

high

Lender can front-run rollLoan and call provideNewTermsForRoll with unfavorable terms

Summary

Lender can front-run rollLoan and result in borrower accepting unfavorable terms.

Vulnerability Detail

After a loan is created, the lender can provide new loan terms via provideNewTermsForRoll. If they are reasonable, the user can then accept them. However this opens up a risky scenario:

1. User A borrows from lender B
2. Lender B proposes new suitable terms
3. User A sees them and calls rollLoan to accept them
4. Lender B is waiting for this and sees the pending transaction in the mempool
5. Lender B front-runs user A's transaction and makes a new call to provideNewTermsForRoll will an extremely high interest rate
6. User A's transaction now executes and they've accepted unfavorable terms with extremely high interest rate

Impact

User may get mislead in to accepting unfavorable terms and overpaying interest

Code Snippet

https://github.com/sherlock-audit/2023-08-cooler/blob/main/Cooler/src/Cooler.sol#L192
https://github.com/sherlock-audit/2023-08-cooler/blob/main/Cooler/src/Cooler.sol#L282

Tool used

Manual Review

Recommendation

When calling rollLoan let the user pass a parameter consisting of the max interest rate they are willing to accept to prevent from such incidents.

[0xrusowsky]

• fix: extension design to make it fully trustless ohmzeus/Cooler#63

[jkoppel]

This is moot because rollLoan no longer exists.

[MLON33]

From @0xrusowsky: Cooler says the fix for this issue has been validated by @jkoppel. The protocol team acknowledges this issue: “...he (@jkoppel) validated it afterwards in discord and another issue (#119).”