A lender can forcefully take borrowers collateral by setting ```auctionlength``` to 1 second
Summary
A lender can forcefully take borrowers collateral by setting auctionlength to 1 second
Vulnerability Details
lets say alice decide to take a loan she has provided collateral which is much greater/valuable then the loan which she has taken from bob's pool . Bob is a malicious lender he has created a pool with auctionlength to 1 second ,now bob see that alice has taken loan from his pool and provided collateral which is more valuable then the loan bob has provided now bob will call startauction https://github.com/Cyfrin/2023-07-beedle/blob/main/src/Lender.sol#L437 on alice loan now the auction will only run for 1 second because bob has set the auctionlength for 1 second :
https://github.com/Cyfrin/2023-07-beedle/blob/main/src/Lender.sol#L471
after that bob will call seizeLoan https://github.com/Cyfrin/2023-07-beedle/blob/main/src/Lender.sol#L548 and take alice collateral.
Impact
lender can forcefully take collateral from borrower
Tools Used
vs
Recommendations
setpool function should have minimum auction length time and it should also have minimum days before a lender can auction borrower loan
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.