This repository has been archived by the owner on Mar 3, 2024. It is now read-only.

james_wu - provideNewTermsForRoll front-runnable #271

Closed
sherlock-admin2 opened this issue Aug 28, 2023 · 0 comments
Labels
Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label Medium A valid Medium severity issue Reward A payout will be made for this issue

sherlock-admin2 commented Aug 28, 2023

james_wu

high

provideNewTermsForRoll front-runnable

Summary

provideNewTermsForRoll is front-runnable by a malicious lender.

Vulnerability Detail

provideNewTermsForRoll can be front-run by a malicious lender just before the borrower calls rollLoan.
A bad lender can set high-debt arguments, so that the borrower sends much more collateral than expected.

Impact

The borrower sends much more collateral than expected.

Code Snippet

https://github.com/sherlock-audit/2023-08-cooler/blob/main/Cooler/src/Cooler.sol#L282-L301

    function provideNewTermsForRoll(
        uint256 loanID_,
        uint256 interest_,
        uint256 loanToCollateral_,
        uint256 duration_
    ) external {
        Loan storage loan = loans[loanID_];

        if (msg.sender != loan.lender) revert OnlyApproved();

        loan.request =
            Request(
                loan.amount,
                interest_,
                loanToCollateral_,
                duration_,
                true
            );
    }

Tool used

Manual Review

Recommendation

Make the lender unable to provide new terms if the loan already has a request.

Duplicate of #243
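
The ordering described in this report and the effect of its recommendation, as an added example that is not part of the original issue or the Cooler code base. It is a simplified Python model: the collateral and debt formulas, the `pending` flag, the `lock_pending_terms` switch and the `TermsAlreadyOffered` error name are assumptions made for illustration.

```python
# Simplified model of the roll flow in this report; NOT the Cooler contract.
# Assumed: the roll reads whatever terms are stored when it executes; formulas are stand-ins.
from dataclasses import dataclass

WAD = 10**18
class Revert(Exception): pass

@dataclass
class Loan:
    lender: str
    amount: int
    collateral: int
    terms: tuple = None    # (interest, loan_to_collateral, duration)
    pending: bool = False  # an offer exists that the borrower has not used yet

class CoolerModel:
    def __init__(self, loan, lock_pending_terms):
        self.loan = loan
        self.lock_pending_terms = lock_pending_terms  # the report's recommendation

    def provide_new_terms_for_roll(self, sender, interest, loan_to_collateral, duration):
        if sender != self.loan.lender:
            raise Revert("OnlyApproved")
        if self.lock_pending_terms and self.loan.pending:
            raise Revert("TermsAlreadyOffered")  # hypothetical error name
        self.loan.terms = (interest, loan_to_collateral, duration)
        self.loan.pending = True

    def roll_loan(self):
        """Borrower call: returns (extra_collateral_pulled, extra_debt)."""
        interest, ltc, _duration = self.loan.terms
        extra_collateral = max(0, self.loan.amount * WAD // ltc - self.loan.collateral)
        extra_debt = self.loan.amount * interest // WAD
        self.loan.collateral += extra_collateral
        self.loan.amount += extra_debt
        self.loan.pending = False  # offer consumed
        return extra_collateral, extra_debt

def run_ordering(lock_pending_terms):
    """Constructed replay: reviewed offer, lender's second call ordered first, then the roll."""
    model = CoolerModel(Loan("lender", 1000 * WAD, 500 * WAD), lock_pending_terms)
    model.provide_new_terms_for_roll("lender", WAD // 100, 2 * WAD, 30)  # terms the borrower reviewed
    try:
        model.provide_new_terms_for_roll("lender", WAD // 2, WAD // 2, 30)  # lands before the roll
        overwrite = "accepted"
    except Revert as exc:
        overwrite = str(exc)
    return overwrite, model.roll_loan()
```

With the lock off, the roll executes on the overwritten terms; with it on, the second call reverts and the roll uses the terms the borrower reviewed.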

@github-actions github-actions bot closed this as completed Sep 1, 2023
@github-actions github-actions bot added Medium A valid Medium severity issue Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label labels Sep 1, 2023
@sherlock-admin sherlock-admin changed the title Rural Tweed Mule - provideNewTermsForRoll front-runnable james_wu - provideNewTermsForRoll front-runnable Sep 12, 2023
@sherlock-admin sherlock-admin added the Reward A payout will be made for this issue label Sep 12, 2023