This repository has been archived by the owner on May 26, 2023. It is now read-only.
HollaDieWaldfee - Cooler: repay function can be front-run so borrowers transaction reverts #28
Comments
github-actions
bot
added
Duplicate
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
HollaDieWaldfee
medium
Cooler: repay function can be front-run so borrowers transaction reverts
Summary
The
Cooler.repayfunction is used to repay a loan.An attacker can call this function with a very small amount and front-run the borrower's transaction to fully repay the loan.
Thereby the borrower's transaction reverts because
loan.amount -= repaidunderflows:https://github.com/sherlock-audit/2023-01-cooler/blob/main/src/Cooler.sol#L118
Vulnerability Detail
The vulnerable function:
https://github.com/sherlock-audit/2023-01-cooler/blob/main/src/Cooler.sol#L108-L124
The line that reverts when an attacker front-runs the victim and the victim tries to repay the full loan:
https://github.com/sherlock-audit/2023-01-cooler/blob/main/src/Cooler.sol#L118
Impact
An attacker can DOS transactions of users that try to repay the full loan.
Code Snippet
https://github.com/sherlock-audit/2023-01-cooler/blob/main/src/Cooler.sol#L108-L124
Tool used
Manual Review
Recommendation
Only allow the borrower to repay his loan or if
repaid > loan.amountthen only transferloan.amount:debt.transferFrom(msg.sender, loan.lender, loan.amount);Duplicate of #218
The text was updated successfully, but these errors were encountered: