20,000 USDC
Submission Details
Severity: low
Valid

Missing check that the arrays are equal in length in `giveLoan()`

Summary

`giveLoan()` does not check that its two input arrays are equal in length, which can cause errors and accounting issues when it is called.

Vulnerability Details

Each loan id in the array must be paired with a pool id to transfer the loan to, but the function does not check that the arrays are equal in length before running the loop, leaving room for errors when the function is called.

File: Lender.sol

```solidity
function giveLoan(
    uint256[] calldata loanIds,
    bytes32[] calldata poolIds
) external {
    for (uint256 i = 0; i < loanIds.length; i++) {
        uint256 loanId = loanIds[i];
        bytes32 poolId = poolIds[i];
        // get the loan info
        Loan memory loan = loans[loanId];
        // validate the loan
        if (msg.sender != loan.lender) revert Unauthorized();
        // get the pool info
        Pool memory pool = pools[poolId];
        // validate the new loan
        if (pool.loanToken != loan.loanToken) revert TokenMismatch();
        if (pool.collateralToken != loan.collateralToken)
            revert TokenMismatch();
        // new interest rate cannot be higher than old interest rate
        if (pool.interestRate > loan.interestRate) revert RateTooHigh();
        // auction length cannot be shorter than old auction length
        if (pool.auctionLength < loan.auctionLength) revert AuctionTooShort();
        // calculate the interest
        (
        // More code...
```

Impact

Unforeseen outcomes and destruction of the internal accounting of the pools and loans are possible.

Tools Used

Manual Review

Recommendations

A check should be added to ensure that the `loanIds` and `poolIds` arrays are equal in length before running the loop.
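
One way to implement the recommended check, shown as an added example rather than code from the audited contract. The `GiveLoanLengthGuard` contract, the `ArrayLengthMismatch` error, the `addLoan` helper and the reduced `Loan` struct are assumptions made for illustration, and Solidity 0.8.x is assumed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

/// Added illustration, not the audited Lender.sol.
/// The storage layout and ArrayLengthMismatch error are hypothetical.
contract GiveLoanLengthGuard {
    error Unauthorized();
    error ArrayLengthMismatch(uint256 loanIdsLength, uint256 poolIdsLength);

    // Reduced loan record (assumption): only the fields this example needs.
    struct Loan {
        address lender;
        bytes32 poolId;
    }

    Loan[] public loans;

    // Hypothetical helper so the example has loans to move.
    function addLoan(bytes32 poolId) external returns (uint256 loanId) {
        loans.push(Loan({lender: msg.sender, poolId: poolId}));
        return loans.length - 1;
    }

    function giveLoan(
        uint256[] calldata loanIds,
        bytes32[] calldata poolIds
    ) external {
        // Reject mismatched input before any state is touched.
        // Without this check, under Solidity 0.8.x:
        //  - poolIds shorter than loanIds: poolIds[i] reverts with
        //    Panic(0x32) part-way through the loop, with no clear reason;
        //  - poolIds longer than loanIds: the trailing pool ids are
        //    ignored without any error reaching the caller.
        if (loanIds.length != poolIds.length) {
            revert ArrayLengthMismatch(loanIds.length, poolIds.length);
        }

        for (uint256 i = 0; i < loanIds.length; i++) {
            Loan storage loan = loans[loanIds[i]];
            if (msg.sender != loan.lender) revert Unauthorized();
            // Assumption: the pool validation and debt transfer done by
            // Lender.sol are left out; the loan is re-pointed to its pair.
            loan.poolId = poolIds[i];
        }
    }
}
```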
