The issue is inaccurate debt calculation during loan transfer: the `giveLoan` function inaccurately calculates the total debt when a lender transfers their loan to another pool.
The vulnerability arises from the `giveLoan` function, which allows a lender to transfer their loan to another pool. The function calculates the total debt as the sum of the debt, interest, and fee, and then creates a new loan for the borrower using this total value as the debt. This approach is inaccurate as it compounds the interest into the borrower's loan, causing the borrower to pay interest on the total amount rather than the initial debt.
This vulnerability can lead to significant financial losses for the borrower, who will end up paying interest on a larger amount than the initial debt.
Manual Review
To mitigate this vulnerability, it is recommended to revise the `giveLoan` function to accurately calculate the debt when a lender transfers their loan to another pool. The revised function should create a new loan for the borrower using the initial debt amount, not the total debt, making sure to have the same start so the borrower can pay the same interest amount as before.
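The difference between the behaviour described in the finding and the recommended one can be shown with a small numeric model. This is an added example, not the contract's code: the `Loan` fields, the simple-interest formula, the 5% protocol fee, and the quarterly transfer schedule are all assumptions chosen for illustration.

```python
from dataclasses import dataclass, replace

YEAR = 365 * 24 * 3600
BPS = 10_000

@dataclass(frozen=True)
class Loan:              # hypothetical model of a loan record
    debt: int            # amount the borrower pays interest on
    rate_bps: int        # annual simple-interest rate in basis points
    start: int           # timestamp interest accrues from

def owed(loan, now, fee_bps=500):
    """Return (lender_interest, protocol_fee) accrued since loan.start.
    Assumption: the fee is a share of the gross interest."""
    gross = loan.debt * loan.rate_bps * (now - loan.start) // (BPS * YEAR)
    fee = gross * fee_bps // BPS
    return gross - fee, fee

def give_loan_compounding(loan, now):
    """Finding: new debt = debt + interest + fee, clock restarted."""
    interest, fee = owed(loan, now)
    return Loan(loan.debt + interest + fee, loan.rate_bps, start=now)

def give_loan_fixed(loan, now):
    """Recommendation: keep the initial debt and the same start;
    only the lender changes, which this model does not track."""
    return replace(loan)

def repayment(loan, now):
    interest, fee = owed(loan, now)
    return loan.debt + interest + fee

def simulate(transfer, principal=1_000 * 10**18, rate_bps=1_000, transfers=3):
    """Transfer the loan once per quarter, then repay at the end of the year."""
    quarter = YEAR // 4
    loan = Loan(principal, rate_bps, start=0)
    for i in range(1, transfers + 1):
        loan = transfer(loan, now=i * quarter)
    return repayment(loan, now=(transfers + 1) * quarter)

if __name__ == "__main__":
    fixed = simulate(give_loan_fixed)
    compounded = simulate(give_loan_compounding)
    print("fixed      :", fixed)
    print("compounding:", compounded)
    print("overpaid   :", compounded - fixed)
```

With these constructed values, three transfers in one year raise the borrower's repayment on 1,000 tokens at 10% from 1,100 to about 1,103.81 tokens, and the gap grows with every additional transfer.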