Borrower can avoid conditions changed from lender by front-running transactions
Summary
If a borrower sees a function at the mempool which makes the condition worse for him he can repay and avoid changes in the loan conditions.
Vulnerability Details
One example vulnerability can be that pool owner sees that the price of the collateral has dropped and wants to avoid lower earnings so he can modify the pool and give new conditions to the existing loans.
Other one is that feeReceiver wants to increase fees and increase the income of the protocol in the times that WETH price is low. Then he will execute one of the functions which are intended to change all the fee calculations in Lender.sol
Functions that can impact contract's conditions:
setLenderFee
setBorrowerFee
Impact
Increased fees will make borrowers pay their debt earlier which will also decrease interest and fees of the lend, because they are calculated based on block.timestamp and lower incentivise for the lenders to open their pools knowing there is a possibility to lend without earning fees.
Tools Used
Manual
Recommendations
Consider adding timelocks to give time to the borrower to decide whether he wants to withdraw or continue using the protocol. Which will make the whole protocol more trusted and reliable for both sides.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.