Malicious ERC20 token can reenter `repay()` to drain all collateral
Summary
Malicious ERC20 token can reenter repay function (in Lender.sol) and drain all collateral tokens held by the protocol
Vulnerability Details
An attacker establishes a pool with a malicious loanToken and a legitimate collateralToken. The attacker then borrows from their own pool using a high collateral to loan ratio, and borrows a second time with a low collateral to loan ratio. The attacker then calls repay() on their loan. When repay() is executing, the transferFrom function is called on the malicious loanToken, which then reenters the contract and calls the repay() function on the same loan. (Because the attacker borrowed a second time, inflating the outstandingLoans value of their loan pool, the subtraction on line 314 will not underflow and cause a revert.) The repay() function then transfers to the attacker an amount of collateral tokens equal to the loan collateral, and because the repay() function was called multiple times, the contract executes multiple transfers to the attacker. The attacker can re-enter the contract an arbitrary number of times, draining an arbitrary amount of collateral tokens from the protocol.
Impact
Loss of all collateral tokens held by the protocol. Because all collateral is held by the protocol, the result is loss of all collateral tokens. User funds are directly at risk.
Tools Used
n/a
Recommendations
Lender contract should inherit from OpenZeppelin's ReentrancyGuard contract. Add the nonReentrant modifier to the repay function.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.