A malicious or compromised owner can set the zero address as the fee receiver. Any ERC20 token whose transfer reverts on a zero-address recipient will then revert on every fee transfer, breaking all protocol operations. This configuration change takes effect instantly (there is no timelock).
If this is done during an auction, nobody can call refinance or seize the loan after it expires. When the malicious or compromised owner later sets a valid address, all collateral whose auction expiry has already passed becomes seizable, leading to severe user losses.
The fee receiver address can be set using the Lender::setFeeReceiver function.
Fees are sent to this address in almost all protocol logic:
- repay: when repaying a loan
- giveLoan: when, as a lender, you give your loan to a new lender
- buyLoan: when buying the loan, as a new lender, during an auction
- seizeLoan: when seizing the collateral after a failed auction
- refinance: when refinancing your loan, as a borrower, so your collateral is not lost
If the ERC20 collateral token reverts on transfers to the zero address, all of these operations will revert. This behaviour is very common; OpenZeppelin's ERC20 implementation, for example, reverts on a zero-address recipient.
A malicious owner would simply need to call Lender::setFeeReceiver with a non-zero address after all auctions have expired, and would then be able to steal all auctioned collateral at that time.
A malicious protocol owner can make all borrowers default and lose their collateral.
Manual analysis.
- Do not allow the zero address to be set as the fee receiver.
- Add a timelock for changes to the fee receiver.
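The following is an added illustration of both recommendations combined, not code from the audited Lender contract. The contract, storage and function names (FeeReceiverTimelock, feeReceiver, pendingFeeReceiver, proposeFeeReceiver, applyFeeReceiver, FEE_RECEIVER_DELAY) and the two-day delay are assumptions; only Lender::setFeeReceiver and the zero-address failure mode come from the finding above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added example (not the audited Lender contract). All names below other
/// than the original setFeeReceiver signature are assumptions.
contract FeeReceiverTimelock {
    error ZeroAddress();
    error NotOwner();
    error NoPendingChange();
    error TimelockNotElapsed(uint256 readyAt);

    event FeeReceiverProposed(address indexed next, uint256 readyAt);
    event FeeReceiverCancelled(address indexed cancelled);
    event FeeReceiverUpdated(address indexed previous, address indexed next);

    // Assumed delay; in practice it should be long enough for users to react.
    uint256 public constant FEE_RECEIVER_DELAY = 2 days;

    address public immutable owner;
    address public feeReceiver;
    address public pendingFeeReceiver;
    uint256 public pendingFeeReceiverReadyAt;

    constructor(address initialFeeReceiver) {
        // The receiver is never allowed to be the zero address, not even at deploy.
        if (initialFeeReceiver == address(0)) revert ZeroAddress();
        owner = msg.sender;
        feeReceiver = initialFeeReceiver;
    }

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    // Weak pattern described in the finding: an instant, unchecked update.
    // function setFeeReceiver(address _feeReceiver) external onlyOwner {
    //     feeReceiver = _feeReceiver;
    // }

    /// Step 1: queue the change. Rejecting address(0) removes the
    /// "every fee transfer reverts" failure mode.
    function proposeFeeReceiver(address next) external onlyOwner {
        if (next == address(0)) revert ZeroAddress();
        pendingFeeReceiver = next;
        pendingFeeReceiverReadyAt = block.timestamp + FEE_RECEIVER_DELAY;
        emit FeeReceiverProposed(next, pendingFeeReceiverReadyAt);
    }

    /// Step 2: apply only after the delay has elapsed, so the pending change
    /// is visible on-chain before it takes effect.
    function applyFeeReceiver() external onlyOwner {
        address next = pendingFeeReceiver;
        if (next == address(0)) revert NoPendingChange();
        if (block.timestamp < pendingFeeReceiverReadyAt) {
            revert TimelockNotElapsed(pendingFeeReceiverReadyAt);
        }
        address previous = feeReceiver;
        feeReceiver = next;
        delete pendingFeeReceiver;
        delete pendingFeeReceiverReadyAt;
        emit FeeReceiverUpdated(previous, next);
    }

    /// Cancelling a queued change never touches the live feeReceiver,
    /// so the protocol keeps a valid, non-zero receiver at all times.
    function cancelFeeReceiver() external onlyOwner {
        address cancelled = pendingFeeReceiver;
        delete pendingFeeReceiver;
        delete pendingFeeReceiverReadyAt;
        emit FeeReceiverCancelled(cancelled);
    }
}
```

The zero-address check addresses the first recommendation and the propose/apply split addresses the second. Because the live feeReceiver is only ever overwritten by a value that already passed the check, there is no state in which fee transfers to address(0) can occur. The delay should be chosen with the auction length in mind, so that a queued change is observable before auctions affected by it expire.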