Submission Details
Severity: medium
Valid

Front-running attack possible against borrow() in Lender.sol

Summary

A front-running attack is possible against borrow() in Lender.sol.

Vulnerability Details

Anyone can call borrow() to open a borrow position. When a borrower submits that call, the transaction sits in the mempool, where everyone can see it. A malicious lender can watch the mempool and front-run the borrower's transaction by calling updateInterestRate() (https://github.com/Cyfrin/2023-07-beedle/blob/main/src/Lender.sol#L221) to raise the interest rate of the pool ID the borrower is opening the position against to the maximum interest rate, which is 10000%. The borrow then executes against the changed pool, so the interest rate applied to the borrower's position is no longer the one the borrower expected.

Impact

After the front-run, the loan carries an interest rate much higher than the borrower expected. The borrower has to pay interest at the rate set by the lender, which is a large loss for the borrower.

Tools Used

Manual review

Recommendations

Add a parameter that lets borrow() check whether the transaction is being executed in the same block, to avoid front-running.
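One reading of this recommendation, as an added example that is neither Beedle's code nor part of the submission: a toy Python model in which the pool records the block of its last terms change and borrow() takes a parameter naming the block the borrower quoted the terms from. The names `updated_at_block`, `seen_update_block`, `run_block` and the sample pool values are assumptions made for illustration.

```python
from dataclasses import dataclass

MAX_RATE_PCT = 10_000  # maximum rate cited in the report (10000%)

class Revert(Exception):
    """Stands in for an EVM revert."""

@dataclass
class Pool:
    lender: str
    rate_pct: int
    updated_at_block: int  # hypothetical field: block of the last terms change

class Lender:
    def __init__(self):
        self.block = 100  # constructed starting block number
        self.pools = {}

    def set_pool(self, pool_id, lender, rate_pct):
        self.pools[pool_id] = Pool(lender, rate_pct, self.block)

    def update_interest_rate(self, sender, pool_id, rate_pct):
        pool = self.pools[pool_id]
        if sender != pool.lender or rate_pct > MAX_RATE_PCT:
            raise Revert("unauthorized or rate too high")
        pool.rate_pct = rate_pct
        pool.updated_at_block = self.block  # stamp every terms change

    def borrow(self, borrower, pool_id, seen_update_block=None):
        pool = self.pools[pool_id]
        # Guard (hypothetical parameter): revert if the pool's terms changed
        # after the block the borrower read them in, including this block.
        if seen_update_block is not None and pool.updated_at_block != seen_update_block:
            raise Revert("pool terms changed")
        return pool.rate_pct  # rate the new loan is opened at

def run_block(guarded):
    """The lender's update is ordered ahead of the borrow in the same block."""
    chain = Lender()
    chain.set_pool("pool-1", "lender", rate_pct=5)  # constructed terms
    quoted_block = chain.pools["pool-1"].updated_at_block
    chain.block += 1  # the block that will contain both transactions
    chain.update_interest_rate("lender", "pool-1", MAX_RATE_PCT)
    try:
        return chain.borrow("borrower", "pool-1",
                            seen_update_block=quoted_block if guarded else None)
    except Revert as exc:
        return str(exc)
```

Without the parameter the borrow is opened at 10000%; with it the borrow reverts, and the borrower can re-read the pool before retrying.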
