Skip to content
This repository has been archived by the owner on Mar 3, 2024. It is now read-only.

deadrxsezzz - If new terms reduce collateral ratio, no collateral is refunded #260

Closed
sherlock-admin opened this issue Aug 28, 2023 · 0 comments
Closed

deadrxsezzz - If new terms reduce collateral ratio, no collateral is refunded #260

sherlock-admin opened this issue Aug 28, 2023 · 0 comments
Labels
Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label Medium A valid Medium severity issue Reward A payout will be made for this issue

Comments

@sherlock-admin
Copy link
Contributor

sherlock-admin commented Aug 28, 2023
edited by sherlock-admin2
Loading

deadrxsezzz

medium

If new terms reduce collateral ratio, no collateral is refunded

Summary

If new terms reduce collateral ratio, no collateral is refunded

Vulnerability Detail

After a loan is active, the lender can propose new terms for it, which the borrower can then accepted. The problem is that if the new terms are accepted and collateralRatio is reduced enough so the needed collateral is less than what it was originally, no collateral is then refunded to the user, although it should be.

    function newCollateralFor(uint256 loanID_) public view returns (uint256) {
        Loan memory loan = loans[loanID_];
        // Accounts for all outstanding debt (borrowed amount + interest).
        uint256 neededCollateral = collateralFor(
            loan.amount,
            loan.request.loanToCollateral
        );

        return
            neededCollateral > loan.collateral ?
            neededCollateral - loan.collateral :
            0;
    }

It only checks if neededCollateral is more and new collateral should be deposited.

Impact

User isn't refunded their collateral when they should be.

Code Snippet

https://github.com/sherlock-audit/2023-08-cooler/blob/main/Cooler/src/Cooler.sol#L282C1-L300C6

Tool used

Manual Review

Recommendation

If the new collateral ratio is less than what it was originally, refund the needed part of the collateral to the user

Duplicate of #26
@github-actions github-actions bot closed this as completed Sep 1, 2023
@github-actions github-actions bot added Medium A valid Medium severity issue Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label labels Sep 1, 2023
@sherlock-admin2 sherlock-admin2 changed the title Generous Juniper Mink - If new terms reduce collateral ratio, no collateral is refunded deadrxsezzz - If new terms reduce collateral ratio, no collateral is refunded Sep 12, 2023
@sherlock-admin2 sherlock-admin2 added the Reward A payout will be made for this issue label Sep 12, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label Medium A valid Medium severity issue Reward A payout will be made for this issue
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sherlock-admin @sherlock-admin2