DOS all Pool's offer through capacity=0 #25
Labels
bug: Something isn't working
downgraded by judge: Judge downgraded the risk level of this issue
grade-c
primary issue: Highest quality submission among a set of duplicates
QA (Quality Assurance): Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
sponsor acknowledged: Technically the issue is correct, but we're not going to resolve it for XYZ reasons
unsatisfactory: does not satisfy C4 submission criteria; not eligible for awards
Lines of code
https://github.com/code-423n4/2024-04-gondi/blob/b9863d73c08fcdd2337dc80a8b5e0917e18b036c/src/lib/loans/MultiSourceLoan.sol#L124
Vulnerability details
If offer.capacity=0, then this offer.offerId becomes one-time.
emitLoan() -> _processOffersFromExecutionData()
This gives a malicious attacker an opportunity to maliciously attack all offers with lender == Pool.
Example
Bob calls:
emitLoan(lender == Pool, offerId = 123)
emitLoan(lender == Pool, offerId = 123, capacity=0, duration=0)
repayLoan()
get back nft
Impact
DOS all Pool's offer
Recommended Mitigation
If lender is LoanManager, then offer.capacity must not be 0.
Assessed type
DoS
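
A minimal Python model of the bookkeeping this report describes, added here as an illustration and not taken from the Gondi code base. The class OfferBook, its spent/used fields and the enforce flag are assumptions; only the zero-capacity one-time behaviour and the proposed check come from the report.

```python
class OfferRejected(Exception):
    """Raised when an offer fails validation in this model."""

class OfferBook:
    """Hypothetical per-lender offer accounting (not the project's contract)."""

    def __init__(self, loan_managers=(), enforce_capacity_for_managers=False):
        self.loan_managers = set(loan_managers)  # lenders such as a Pool
        self.enforce = enforce_capacity_for_managers
        self.used = {}      # (lender, offer_id) -> principal drawn so far
        self.spent = set()  # (lender, offer_id) pairs consumed as one-time

    def process_offer(self, lender, offer_id, capacity, amount):
        key = (lender, offer_id)
        if key in self.spent:
            raise OfferRejected("offerId already consumed")
        # Recommended mitigation: a LoanManager lender must not get capacity == 0.
        if self.enforce and lender in self.loan_managers and capacity == 0:
            raise OfferRejected("capacity must be non-zero for LoanManager lenders")
        if capacity == 0:
            self.spent.add(key)  # zero capacity makes the offerId one-time
        else:
            drawn = self.used.get(key, 0) + amount
            if drawn > capacity:
                raise OfferRejected("capacity exceeded")
            self.used[key] = drawn

def later_borrower_succeeds(enforce):
    """Replay the report's scenario with constructed values; return whether a
    second borrower can still use the same Pool offerId afterwards."""
    book = OfferBook(loan_managers={"Pool"}, enforce_capacity_for_managers=enforce)
    try:
        # The zero-capacity call from the report's example.
        book.process_offer("Pool", 123, capacity=0, amount=1)
    except OfferRejected:
        pass  # mitigated: the call is refused and nothing is recorded
    try:
        # Another borrower using offerId 123 against the Pool.
        book.process_offer("Pool", 123, capacity=1000, amount=100)
        return True
    except OfferRejected:
        return False

if __name__ == "__main__":
    print("without check:", later_borrower_succeeds(enforce=False))
    print("with check:   ", later_borrower_succeeds(enforce=True))
```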