Reentrancy attack possible in the borrow function
A malicious borrower can take on more and more debt against the same deposited collateral. In the lender.sol contract, line 269 transfers the loan tokens to the borrower and only afterwards updates the loans array. Because of this ordering, a malicious borrower can call the borrow function again and again, as many times as they want, and only after that transfer the collateral to the contract, which constitutes a reentrancy attack.
The borrower can take loans worth more than the collateral deposited and might never repay them.
Manual review
First, transferFrom should be called to move the collateral tokens to the contract. The loans array should also be updated before any external call that transfers tokens. Further, implement the CEI (checks-effects-interactions) pattern in lender.sol wherever state updates are made after external calls; in the repay function, for example, the calls are also made first and the changes applied afterwards, which violates the CEI pattern.
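The ordering recommended above, shown as an added example that is not code from lender.sol. The contract name CeiLenderSketch, its fund function, the poolBalance variable, the Loan fields and the 1:1 collateral ratio are all assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Hypothetical, simplified lender written for this example; not the audited lender.sol.
interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

contract CeiLenderSketch {
    struct Loan { address borrower; uint256 debt; uint256 collateral; }

    IERC20 public immutable loanToken;
    IERC20 public immutable collateralToken;
    uint256 public poolBalance; // loan tokens available to lend
    Loan[] public loans;

    constructor(IERC20 loanToken_, IERC20 collateralToken_) {
        loanToken = loanToken_;
        collateralToken = collateralToken_;
    }

    function fund(uint256 amount) external {
        poolBalance += amount; // effect before the external call
        require(loanToken.transferFrom(msg.sender, address(this), amount), "fund failed");
    }

    function borrow(uint256 debt, uint256 collateral) external {
        // Checks (the 1:1 collateral ratio is an assumption made for brevity)
        require(debt > 0 && debt <= poolBalance, "bad debt");
        require(collateral >= debt, "undercollateralized");
        // Effects: record the loan before any token code can run
        poolBalance -= debt;
        loans.push(Loan(msg.sender, debt, collateral));
        // Interactions: collateral comes in first, loan tokens go out last
        require(collateralToken.transferFrom(msg.sender, address(this), collateral), "collateral failed");
        require(loanToken.transfer(msg.sender, debt), "loan transfer failed");
    }

    function repay(uint256 loanId) external {
        Loan memory loan = loans[loanId];
        require(loan.borrower != address(0), "no such loan"); // check
        delete loans[loanId];                                  // effects
        poolBalance += loan.debt;
        // Interactions last
        require(loanToken.transferFrom(msg.sender, address(this), loan.debt), "repay failed");
        require(collateralToken.transfer(loan.borrower, loan.collateral), "collateral return failed");
    }
}
```

If a token with transfer hooks re-enters borrow during the final transfer, the nested call already sees the reduced poolBalance and the recorded loan, and it must supply its own collateral before any further loan tokens leave the contract.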