0xMosh - Malicious lender can scam borrower by increasing the interest way too much after loan being issued and take borrower's collateral.

[sherlock-admin2]

0xMosh

high

Malicious lender can scam borrower by increasing the interest way too much after loan being issued and take borrower's collateral.

Summary

In Cooler.sol , provideNewTermsForRoll function is used to update the loan with new terms . Only lender can call the function .
And the rollLoan function is used to update the terms of the loan . Anybody can call the function but have to pay the excess collateral .

This arises an exploit scenario where a malicious lender can increase the interest way too much by calling provideNewTermsForRoll function and updating the loan terms by calling rollLoan function .Malicious borrower will only update the interest so that he doesnot have to pay any extra collateral while calling rollLoan function .

If this occurs , borrower will be unable to repay the debt as it increases too much . Malicious lender will claim borrowers collateral after the loan gets defaulted(expired) and profit (loans are overcollateralized) . And the borrower got scammed !

Vulnerability Detail

see summary
provideNewTermsForRoll function looks like this :

 function provideNewTermsForRoll(
        uint256 loanID_,
        uint256 interest_,
        uint256 loanToCollateral_,
        uint256 duration_
    ) external {
        Loan storage loan = loans[loanID_];

        if (msg.sender != loan.lender) revert OnlyApproved();

        loan.request =
            Request(
                loan.amount,
                interest_, //<-------Malicious lender increases it too much 
                loanToCollateral_,
                duration_,
                true
            );
    }

rollLoan function looks like this :

 function rollLoan(uint256 loanID_) external { //<----updates the terms by calling this .
        Loan memory loan = loans[loanID_];

        if (block.timestamp > loan.expiry) revert Default();
        if (!loan.request.active) revert NotRollable();

        // Check whether rolling the loan requires pledging more collateral or not (if there was a previous repayment).
        uint256 newCollateral = newCollateralFor(loanID_);
        uint256 newDebt = interestFor(loan.amount, loan.request.interest, loan.request.duration);

        // Update memory accordingly.
        loan.amount += newDebt; //< ------- now debt is increased too much to repay 
        loan.collateral += newCollateral;
        loan.expiry += loan.request.duration;
        loan.request.active = false;

        // Save updated loan info in storage.
        loans[loanID_] = loan;

        if (newCollateral > 0) {
            collateral().safeTransferFrom(msg.sender, address(this), newCollateral);
        }

        // If necessary, trigger lender callback.
        if (loan.callback) CoolerCallback(loan.lender).onRoll(loanID_, newDebt, newCollateral);
    }

Impact

Borrower may get scammed and loss his collateral !

Code Snippet

https://github.com/sherlock-audit/2023-08-cooler/blob/main/Cooler/src/Cooler.sol#L282

Tool used

Manual review

Recommendation

Multiple options are there to mitigate the issue :

1. Define a maxInterestRate constant and checks everytime if provided interest maintains that or not .
2. Let the borrower confirm the new terms provided .

Duplicate of #26