The giveLoan function within the smart contract incorrectly updates the loan object, which is declared as a memory object and not storage.
The changes made to the loan object within the function will not persist outside the scope of the function call. As a result, the loan updates will not be saved to storage, potentially leading to inconsistencies and incorrect behavior.
The giveLoan function aims to process multiple loans given by the lender to different pools. However, the issue arises from incorrectly updating the loan object within the function. The Loan struct is declared as a memory object, which means it is only stored in memory for the duration of the function execution. Any changes made to this memory object will not be stored in the contract's storage and will be lost once the function completes.
In the above code, the function attempts to update the loan object loans[loanId], which is a memory object, not storage. As a memory object, any changes made to it within the function's scope will not persist outside the function, effectively making the updates to the loan object ineffective and not stored in the contract's storage.
Manual review
To address this vulnerability, the Loan struct should be declared as storage instead of memory, ensuring that updates made to the loan object are stored persistently in the contract's storage.
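The memory-versus-storage behaviour described above, as an added example that is not the audited contract's code. The contract name, the Loan fields, and the function names are hypothetical and chosen only for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Illustration only: struct layout and function names are assumptions,
// not taken from the contract under review.
contract LoanBook {
    struct Loan {
        address lender;
        uint256 debt;
    }

    Loan[] public loans;

    constructor() {
        // Constructed sample entry so loanId 0 exists.
        loans.push(Loan({lender: msg.sender, debt: 100}));
    }

    // Ineffective: `Loan memory` copies loans[loanId] out of storage.
    // The write lands on the copy, which is discarded when the call returns.
    function reassignMemory(uint256 loanId, address newLender) external {
        Loan memory loan = loans[loanId];
        loan.lender = newLender;
        // loans[loanId].lender still holds the old lender here.
    }

    // Fix: `Loan storage` is a reference to the storage slot itself,
    // so the write persists after the call.
    function reassignStorage(uint256 loanId, address newLender) external {
        Loan storage loan = loans[loanId];
        loan.lender = newLender;
    }

    // Alternative fix: keep working on a memory copy, but write the
    // whole struct back to storage before returning.
    function reassignWriteBack(uint256 loanId, address newLender) external {
        Loan memory loan = loans[loanId];
        loan.lender = newLender;
        loans[loanId] = loan;
    }
}
```

A regression test for this class of bug reads loans(loanId) after the call and asserts the lender changed; reassignMemory fails that check while the other two pass.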