This repository has been archived by the owner on May 26, 2023. It is now read-only.
neumo - Borrower can roll the loan an arbitrary number of times, changing the terms of the loan by too much #227
Comments
github-actions
bot
added
Duplicate
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
neumo
high
Borrower can roll the loan an arbitrary number of times, changing the terms of the loan by too much
Summary
If a loan is rollable, a borrower can call
rollmultiple times extending the loan each time for the initial duration of the loan before the Lender can calltoggleRoll, changing this way the terms of the loan much more than what the Lender could expect when he cleared it.Vulnerability Detail
If a Borrower creates a Cooler, for example with:
When a lender decides to clear it, it is created with
rollable = trueby default, so the borrower can call multiple times therollfunction and extend the loan to, let's say, ten years, before the Lender can calltoggleRollto prevent more extensions. This would change the terms of the request the Lender agreed upon too much, locking his debt tokens 10 times the time of the original request.The Borrower would have to put collateral to cover the loan plus ten years of 2% interest ($22,289 worth of collateral), and would have ten times the original duration of the loan to return the debt.
Impact
High impact
Code Snippet
https://github.com/sherlock-audit/2023-01-cooler/blob/main/src/Cooler.sol#L129-L147
https://github.com/sherlock-audit/2023-01-cooler/blob/main/src/Cooler.sol#L185-L193
Tool used
Manual review.
Recommendation
Make that any call to
rollon a rollable loan toggles the value ofrollableto false, giving control to the lender so that he can decide if he wants to let the borrower extend the loan in the future (viatoggleRoll, and allowing the borrower to call roll only once everytimerollable = true.Duplicate of #215
The text was updated successfully, but these errors were encountered: