`giveLoan` dosnt do proper input validation
Summary
giveLoan input validation doesn't work as expected
Vulnerability Details
This interset check doesn't work
if the loan.interst=0 then nobody besides 0-interest pools can take the loans but it should be allowed for any pool since it does not hurt them
if loan interest is higher the interest rate it will be allowed when it shouldn't be
Example:
Alice has pool terms with 0 interest
Bob the lender has 90% interest loan since the check is wrong Alice will get the risky loan then can cause him to risk
That check is giving the borrower a better rate but also making it riskier for Alice without her permission because the check is wrong
the ways these check works are explained below
If loan interest is higher than poolIntrest then that works
but doesn't check if interest is too high ex:60poolI and 80LoanI which is ok in giving the risk but there is no maximum risk of interest
Example:
LoanInterest=0 then PoolIInterest=0 causing some reverts and other issues explained in other submissions
if ex: Loan-80 and Pool=0 then this shouldn't be since the Loaner cant specify how much risk they're in that that loan
See the issue:
Impact
reverts and more risk for each party causing opportunely loss
Tools Used
Recommendations
specify min/max ranges
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.