Skip to content
This repository has been archived by the owner on May 26, 2023. It is now read-only.

ali_shehab - Expanding expiry time with 0 collateral #209

Closed
github-actions bot opened this issue Jan 27, 2023 · 0 comments
Closed

ali_shehab - Expanding expiry time with 0 collateral #209

github-actions bot opened this issue Jan 27, 2023 · 0 comments
Labels
Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label High A valid High severity issue Reward A payout will be made for this issue

Comments

@github-actions
Copy link

github-actions bot commented Jan 27, 2023
edited
Loading

ali_shehab

high

Expanding expiry time with 0 collateral

Summary

There is no restriction on how much a user should set his interest so it can be 0 or 100%. If the user set his interest 0. For example, he offered 52 USDC as collateral for 50 USDT but with an interest of 0 for 1 day. There is a high probability that it would be cleared as a lender will get 52 USDC if the user failed to send the USDT.

Vulnerability Detail

When a user calls the roll they have to add more collateral, however here is the problem. If the interest is 0. Then loan.amount will be equal to req.amount. So the function: collateralFor(loan.amount,req.loanToCollateral) will be equal to collateralFor(req.amount,req.loanToCollateral) .
In the roll function, the new collateral is calculated as follows:

uint256 newCollateral = collateralFor(loan.amount, req.loanToCollateral) - loan.collateral;

In the clear the loan.collateral is calculated as follows:

uint256 collat = collateralFor(req.amount, req.loanToCollateral);

So collat will be equal to collateralFor(loan.amount, req.loanToCollateral) which results that newCollateral = 0. Interest will be 0, so only the expiry data will be expanded.

Impact

Able to expand from time to year before the user notice and make rolls off.
Scenario:

  1. User A add collateral 100 USDC for 50 USDT for 10 days with 0%
  2. User B cleared the request as he may get double if the user failed to give back 50 USDT.
  3. User A call the roll 100 times since he is adding 0 collateral.
  4. Now the expiry data is after 1000 days, even if the lender decided to make the roll off he must wait 1000 days, without getting no more collateral.

Code Snippet

https://github.com/sherlock-audit/2023-01-cooler/blob/main/src/Cooler.sol#L177
https://github.com/sherlock-audit/2023-01-cooler/blob/main/src/Cooler.sol#L139

Tool used

Manual Review

Recommendation

  1. A new way to calculate newCollat in the roll function.
  2. Prevent 0% interset.
  3. The lender should approve the roll.
  4. The roll should be turned off by default.

Duplicate of #215
@github-actions github-actions bot added Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label High A valid High severity issue labels Jan 27, 2023
@sherlock-admin sherlock-admin added the Reward A payout will be made for this issue label Feb 6, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label High A valid High severity issue Reward A payout will be made for this issue
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@sherlock-admin