Submission Details
Severity: medium

buyLoan() will not work as expected.

Summary

buyLoan() will not work as expected for certain parameter values.

Vulnerability Details

Consider a poolId whose interest rate is set to 10000%, and suppose the lender starts the auction for that poolId. Interested buyers of the loan then call buyLoan() (https://github.com/Cyfrin/2023-07-beedle/blob/main/src/Lender.sol#L465) to buy the loan, but in that case this check (https://github.com/Cyfrin/2023-07-beedle/blob/main/src/Lender.sol#L475) would never be true.
Example:

    uint256 timeElapsed = block.timestamp - loan.auctionStartTimestamp;
    uint256 currentAuctionRate = (MAX_INTEREST_RATE * timeElapsed) /
        loan.auctionLength;
    // validate the rate
    if (pools[poolId].interestRate > currentAuctionRate) revert RateTooHigh();

Suppose timeElapsed = 1 day, loan.auctionLength = 3 days, MAX_INTEREST_RATE = 10000%, and pools[poolId].interestRate = 10000%, which was set earlier by the lender.
In this case the check would fail every time: if (pools[poolId].interestRate > currentAuctionRate) revert RateTooHigh();
The lender would not be able to sell the loan and the buyer can't buy the loan.
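The quoted check can be modeled off-chain to see how currentAuctionRate ramps over the auction and when a pool at a given rate stops reverting. This is an added example, not code from Lender.sol: the function names are hypothetical, rates are assumed to be in percent units to match the figures above, and only the three quoted lines are modeled (any other checks in buyLoan() are not).

```python
# Added model of the quoted rate check; not code from Lender.sol.
DAY = 24 * 60 * 60
MAX_INTEREST_RATE = 10_000  # assumption: percent units, matching "10000%" above


def current_auction_rate(time_elapsed, auction_length, max_rate=MAX_INTEREST_RATE):
    """(MAX_INTEREST_RATE * timeElapsed) / loan.auctionLength, uint256 floor division."""
    if auction_length <= 0:
        raise ValueError("auction_length must be positive (division by zero reverts)")
    if time_elapsed < 0:
        raise ValueError("time_elapsed would underflow in uint256 arithmetic")
    return (max_rate * time_elapsed) // auction_length


def rate_too_high(pool_rate, time_elapsed, auction_length, max_rate=MAX_INTEREST_RATE):
    """True when the quoted check would revert with RateTooHigh()."""
    return pool_rate > current_auction_rate(time_elapsed, auction_length, max_rate)


def earliest_passing_elapsed(pool_rate, auction_length, max_rate=MAX_INTEREST_RATE):
    """Smallest timeElapsed (seconds) at which the quoted check no longer reverts.

    floor(max_rate * t / L) >= r  <=>  t >= ceil(r * L / max_rate) for integer r.
    """
    if auction_length <= 0 or max_rate <= 0:
        raise ValueError("auction_length and max_rate must be positive")
    return (pool_rate * auction_length + max_rate - 1) // max_rate


if __name__ == "__main__":
    length = 3 * DAY
    # The report's scenario: 1 day into a 3-day auction, pool rate at the maximum.
    print("auction rate after 1 day:", current_auction_rate(DAY, length))
    print("reverts for pool rate 10000:", rate_too_high(10_000, DAY, length))
    # Constructed pool rates, to show where each one first passes the check.
    for rate in (1_000, 3_333, 5_000, 10_000):
        t = earliest_passing_elapsed(rate, length)
        print(f"pool rate {rate:>6}: passes from t = {t} s ({t / DAY:.2f} days)")
```

In this model a pool at MAX_INTEREST_RATE first satisfies the comparison when timeElapsed equals loan.auctionLength, so whether that instant is reachable depends on checks outside the quoted lines.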

Impact

The lender would not be able to sell the loan and the interested buyer can't buy the loan.

Tools Used

Manual Review

Recommendations

The interest rate of poolId should be checked earlier, and if the interest rate is the max interest rate, the buyer should be able to buy the loan directly without taking time into consideration.
