You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on May 26, 2023. It is now read-only.
The calculation of totalUSDborrowed in openLoan() is not correct
Summary
The openLoan() function wrongly use isoUSDLoaned to calculate totalUSDborrowed. Attacker can exploit it to bypass security check and loan isoUSD with no enough collateral.
Attack example:
<1>Attacker normally loans and produces 10000 isoUSD interest
<2>Attacker repays principle but left interest
<3>Attacker open a new 10000 isoUSD loan without providing collateral
Impact
Attacker can loan isoUSD with no enough collateral.
KingNFT
high
The calculation of
totalUSDborrowed
inopenLoan()
is not correctSummary
The
openLoan()
function wrongly useisoUSDLoaned
to calculatetotalUSDborrowed
. Attacker can exploit it to bypass security check and loan isoUSD with no enough collateral.Vulnerability Detail
vulnerability point
Attack example:
<1>Attacker normally loans and produces 10000 isoUSD interest
<2>Attacker repays principle but left interest
<3>Attacker open a new 10000 isoUSD loan without providing collateral
Impact
Attacker can loan isoUSD with no enough collateral.
Code Snippet
https://github.com/sherlock-audit/2022-11-isomorph/blob/main/contracts/Isomorph/contracts/Vault_Synths.sol#L120
Tool used
Manual Review
Recommendation
See Vulnerability Detail
The text was updated successfully, but these errors were encountered: