Auction length may be shorter than the difference between two blocks
Summary
Currently the setPool() method, which creates a pool in the Lender contract, only checks if the auctionLength is smaller or equal to the MAX_AUCTION_LENGTH and not equal to 0. The lower bound for the auction duration is not restrictive enough. As a result, it is possible to create auctions that will be doomed to failure.
Vulnerability Details
A malicious lender can create a pool with auctionLength set to a value smaller than the timestamp difference between two blocks, for example 1 second. The only scenario in which someone buys the loan in the same block as the auction started is by utilizing backrunning and accepting 0 interestRate, which is highly improbable. Therefore this auction will have almost no chance at succeeding and the lender will be guaranteed to claim the collateral.
Impact
Malicious lenders can claim collaterals without a valid auction, given that they trick the user to borrow from their maliciously configured pool.
Tools Used
Manual review
Recommendations
Change the lower bound of the auctionLenght to a more reasonable value, such as 12 hours.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.