20,000 USDC
Submission Details
Severity: high
Valid

Malicious lender might be able to take more loan tokens than deposited to lender.sol contract due to reentrancy

Summary

The CEI (checks, effects, interactions) pattern is not followed, which makes reentrancy attacks possible.

Vulnerability Details

If the pool lender updates the pool using the setPool function and decreases its poolBalance, the lender.sol contract transfers the extra loan tokens held in the contract to the pool lender. This is where the attack comes in: if the pool lender is a malicious contract, it can call setPool again from the pool lender contract. Because the updates to the pool are made at the end of the function, the second call appears as if the function were being called for the first time, and the lender.sol contract transfers the loan tokens to the pool lender again.

Impact

Malicious pool lender can drain the loan tokens from the lender.sol contract

Tools Used

Manual Review

Recommendations

Implement the CEI pattern correctly: first update the state, then make external calls.
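The ordering problem and the recommended fix, shown as an added example that is not the audited lender.sol code. The contract `PoolModel`, the one-pool-per-lender mapping, the function `setPoolInteractionFirst`, and the `nonReentrant` guard are assumptions made for illustration; the guard is an extra defense beyond the CEI reordering recommended above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added illustration: a simplified, hypothetical model, not the audited lender.sol.
interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

contract PoolModel {
    IERC20 public immutable loanToken;
    mapping(address => uint256) public poolBalance; // assumption: one pool per lender
    bool private locked;

    constructor(IERC20 token) { loanToken = token; }

    modifier nonReentrant() {
        require(!locked, "reentrant call");
        locked = true;
        _;
        locked = false;
    }

    // Ordering described in the finding: interaction first, state update last.
    function setPoolInteractionFirst(uint256 newBalance) external {
        uint256 current = poolBalance[msg.sender];
        if (newBalance < current) {
            // Assumption: the token hands control to the recipient. A nested call
            // then still reads the old `current` and is paid the difference again.
            require(loanToken.transfer(msg.sender, current - newBalance), "transfer failed");
        } else if (newBalance > current) {
            require(loanToken.transferFrom(msg.sender, address(this), newBalance - current), "transferFrom failed");
        }
        poolBalance[msg.sender] = newBalance; // effect applied too late
    }

    // CEI ordering: read and check, write state, then call out. Guarded as well.
    function setPool(uint256 newBalance) external nonReentrant {
        uint256 current = poolBalance[msg.sender];   // check
        poolBalance[msg.sender] = newBalance;        // effect
        if (newBalance < current) {                  // interaction
            require(loanToken.transfer(msg.sender, current - newBalance), "transfer failed");
        } else if (newBalance > current) {
            require(loanToken.transferFrom(msg.sender, address(this), newBalance - current), "transferFrom failed");
        }
    }
}
```

With the state written before the transfer, a nested call sees `current == newBalance` and moves no tokens, even without the guard.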
