20,000 USDC
Submission Details
Severity: medium
Valid

Frontrun issues in the `giveLoan` and `buyLoan` functions

Summary

The lender of the new pool can frontrun a `giveLoan` or `buyLoan` transaction that moves a loan into that pool and raise the pool's interest rate, so the borrower is charged more interest than expected.

Vulnerability Details

`giveLoan` and `buyLoan` transfer an existing loan to a new pool. If the new pool's lender sees such a transaction in the mempool, it can frontrun it and raise its pool's interest rate to the maximum the function accepts: the loan's current interest rate for `giveLoan`, or the auction's current interest rate for `buyLoan`.

The transferred loan's interest rate is taken from `pool.interestRate`, which the new pool's lender can increase at any time by calling `setPool` or `updateInterestRate`, including in a transaction ordered just before the `giveLoan` or `buyLoan` call.

Impact

Borrowers pay a higher interest rate than they expected on loans moved into the new pool. Because `giveLoan` caps the new rate at the loan's current interest rate and `buyLoan` caps it at the auction's current interest rate, the increase is bounded and the risk is limited.

Tools Used

Manual review.

Recommendations

Add an expected interest rate argument to `giveLoan` and `buyLoan` for each loan being given or bought, denoting the rate the caller observed for the new pool, and revert if it does not match the new pool's current `interestRate`. Because the caller's expectation is fixed in calldata, a pool rate change that lands before the transaction causes a revert instead of a silent rate increase.
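The following is an added example illustrating both the frontrun described under Vulnerability Details and the recommended fix. It is a hypothetical, stripped-down model written for this report, not the audited protocol's source: the contract name, struct fields, error names, the `borrow` helper, the single `setPool` standing in for `setPool`/`updateInterestRate`, and the lender-only access check on `giveLoan` are all assumptions. `giveLoanVulnerable` has only the cap at the loan's current rate; `giveLoan` adds the `expectedRate` argument from the recommendation.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

/// Hypothetical, simplified model of the pool/loan flow discussed in the
/// finding. Illustrative example code, not the protocol's actual source.
contract GiveLoanRateCheckExample {
    struct Pool {
        address lender;
        uint256 interestRate; // rate the pool advertises (unit assumed, e.g. bps)
    }

    struct Loan {
        address borrower;
        address lender;
        uint256 interestRate; // rate the borrower actually pays
    }

    mapping(bytes32 => Pool) public pools;
    mapping(uint256 => Loan) public loans;
    uint256 public loanCount;

    error PoolNotFound();
    error Unauthorized();
    error RateTooHigh();
    error RateChanged(uint256 expected, uint256 actual);

    function getPoolId(address lender) public pure returns (bytes32) {
        return keccak256(abi.encode(lender));
    }

    /// Stand-in for setPool / updateInterestRate: the pool lender can change
    /// the advertised rate at any time, including in a transaction ordered
    /// just before a giveLoan call that targets this pool.
    function setPool(uint256 interestRate) external returns (bytes32 poolId) {
        poolId = getPoolId(msg.sender);
        pools[poolId] = Pool({lender: msg.sender, interestRate: interestRate});
    }

    /// Borrower opens a loan at the rate the pool advertises right now.
    function borrow(bytes32 poolId) external returns (uint256 loanId) {
        Pool memory pool = pools[poolId];
        if (pool.lender == address(0)) revert PoolNotFound();
        loanId = loanCount++;
        loans[loanId] = Loan({
            borrower: msg.sender,
            lender: pool.lender,
            interestRate: pool.interestRate
        });
    }

    /// Vulnerable pattern: the only guard is the cap at the loan's current
    /// rate, so a front-running setPool can push the new pool's rate up to
    /// exactly that cap and the borrower silently pays it.
    function giveLoanVulnerable(uint256 loanId, bytes32 poolId) external {
        Loan storage loan = loans[loanId];
        if (msg.sender != loan.lender) revert Unauthorized();
        Pool storage pool = pools[poolId];
        if (pool.lender == address(0)) revert PoolNotFound();
        if (pool.interestRate > loan.interestRate) revert RateTooHigh();
        loan.lender = pool.lender;
        loan.interestRate = pool.interestRate;
    }

    /// Hardened pattern (the report's recommendation): the caller commits to
    /// the rate it observed in calldata; any change before inclusion reverts.
    function giveLoan(uint256 loanId, bytes32 poolId, uint256 expectedRate) external {
        Loan storage loan = loans[loanId];
        if (msg.sender != loan.lender) revert Unauthorized();
        Pool storage pool = pools[poolId];
        if (pool.lender == address(0)) revert PoolNotFound();
        if (pool.interestRate != expectedRate) {
            revert RateChanged(expectedRate, pool.interestRate);
        }
        if (pool.interestRate > loan.interestRate) revert RateTooHigh();
        loan.lender = pool.lender;
        loan.interestRate = pool.interestRate;
    }
}
```

Walking through the frontrun with this model: a loan is open at rate 1000 and the new pool advertises 500. The current lender broadcasts `giveLoanVulnerable(loanId, poolId)`; the new pool's lender sees it and gets `setPool(1000)` included first. The vulnerable call still passes the cap check (1000 is not greater than 1000) and the borrower is moved at double the rate they were promised. With `giveLoan(loanId, poolId, 500)` the same ordering reverts with `RateChanged(500, 1000)`. `buyLoan` gets the identical guard, with the auction's current rate as the cap instead of the loan's current rate. A common variant is to treat the argument as a maximum rather than an exact value (`pool.interestRate <= expectedRate`), which still blocks the increase while letting a lender lower the rate in the meantime.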
