You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on May 26, 2023. It is now read-only.
github-actionsbot opened this issue
Jan 27, 2023
· 0 comments
Labels
DuplicateA valid issue that is a duplicate of an issue with `Has Duplicates` labelMediumA valid Medium severity issueRewardA payout will be made for this issue
If user repays more than what is owed the function will revert.
Summary
If user repays more than what is owed the function will revert.
Vulnerability Detail
when repay() is called and repaid is greater than loan.amount then the function will go into the else statement. Here loan.amount is deducted the value of repaid. If repaid is greater than loan.value then the the function will revert.
It can be the source of a DOS attack. If the lender wants the borrower to default on their loan they can front run the users transaction and pay a dust amount to force the victims transaction to revert. For example (with nice whole numbers):
Alice owes bob 100 dai on 1 eth collateral on a 1 hour loan.
Alice attempts to pay back the 100 dai in one repayment.
bob frontruns Alice and pays off 0.01 dai of her debt.
Alice's transaction reverts becasue she over paid.
Bob repeats this until the loan defaults.
Bob collects Alices 1 eth.
Any loan with a relatively short duration can be exploited like this.
Also This can be an issue if the user is paying off the loan last second. This could result in the user defaulting on the loan even though they attempted to pay it back with a sufficient amount.
If repaid is greater than loan amount only use the amount needed to pay the loan back in full. This way any excess gets returned to the user and the function wont revert.
Sign up for freeto subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Labels
DuplicateA valid issue that is a duplicate of an issue with `Has Duplicates` labelMediumA valid Medium severity issueRewardA payout will be made for this issue
kiki_dev
medium
If user repays more than what is owed the function will revert.
Summary
If user repays more than what is owed the function will revert.
Vulnerability Detail
when
repay()
is called andrepaid
is greater thanloan.amount
then the function will go into the else statement. Hereloan.amount
is deducted the value ofrepaid
. Ifrepaid
is greater thanloan.value
then the the function will revert.It can be the source of a DOS attack. If the lender wants the borrower to default on their loan they can front run the users transaction and pay a dust amount to force the victims transaction to revert. For example (with nice whole numbers):
Alice owes bob 100 dai on 1 eth collateral on a 1 hour loan.
Alice attempts to pay back the 100 dai in one repayment.
bob frontruns Alice and pays off 0.01 dai of her debt.
Alice's transaction reverts becasue she over paid.
Bob repeats this until the loan defaults.
Bob collects Alices 1 eth.
Any loan with a relatively short duration can be exploited like this.
Also This can be an issue if the user is paying off the loan last second. This could result in the user defaulting on the loan even though they attempted to pay it back with a sufficient amount.
Impact
Code Snippet
https://github.com/sherlock-audit/2023-01-cooler/blob/main/src/Cooler.sol#L118
Tool used
Manual Review
Recommendation
If
repaid
is greater than loan amount only use the amount needed to pay the loan back in full. This way any excess gets returned to the user and the function wont revert.Duplicate of #218
The text was updated successfully, but these errors were encountered: