buyLoan function should update the auctionLength of the loan
Summary
buyLoan function does not update the auctionLength of the loan with the auctionLength of the new pool. This is problematic because when the new pool owner/lender tries to start an auction for the same loan, the auction continues for a time period that the lender doesn't want.
Vulnerability Details
In the buyLoan function, the following parameters are updated:
One can see that the auctionLength is not updated. The new pool's auctionLength is not assigned to the loan. This should not happen. When the loan is bought by a new lender, they might want to start an auction for this loan at a future date. But, when they try to start an auction it might last for a time duration that is greater/lesser than the auctionLength of their pool. This prevents them from conducting the auction until they want to, which should not be the case. Also, the function should remain consistent with other functions. For example, the refinance function updates the auctionLength as seen here:
Impact
Auction will last longer or shorter than intended when a new lender who buys a loan, tries to start an auction for it at a future date.
Tools Used
Manual review
Recommendations
Update the auction length of the loan:
loans[loanId].auctionLength = pool.auctionLength;
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.