Borrower can get loan tokens without depositing the collateral.
Summary
Borrower can get loan tokens without depositing the collateral tokens by calling setpool function and setting himself as the lender.
Vulnerability Details
There are some tokens which do not revert on failed transfer instead return boolean false on failed transfer but this contract is not checking for the returned boolean so a borrower can use this to exploit the contract and get some loan tokens for free like firstly he will setpool with some poolbalance and the transferFrom will return false as he won't have loan tokens to transfer to the lender.sol contract but the returned value os not checked so the pool will be set with the pool balance. Now the borrower acting like a lender can give loans to other borrowers with the same loan tokens and earn interest on them.In addition to this the borrower can even update the pool with a new poolBalance with a value less than that of previous poolBalance and get as much loan tokens as he would like from the lender.sol contract.
Impact
Loss of funds for the lender.sol contract as borrower can get loan tokens for free and even more by acting like a lender and getting the interest earned the loans given.
Tools Used
Manual review
Recommendations
Add checks to check for the returned value of the transfer and transferFrom functions.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.