20,000 USDC
Submission Details
Severity: high

`repay()` can be frontrun by a malicious lender to charge higher interest rates

Summary

A malicious lender can frontrun a borrower's attempt to repay their loan with a call that updates the pool's interest rate, causing the borrower to pay more in fees than they otherwise should have.

Vulnerability Details

In the Lender.sol contract a lender is able to change their pool's interest rate. The problem is that this can be done arbitrarily, without a timelock and without accounting for the period during which the rate was lower (time a) versus higher (time b). A malicious lender can therefore watch the mempool for a borrower trying to repay a loan in their pool and update the interest rate to the maximum of 1000% ahead of that repayment.

Impact

This will cause a borrower to lose a significant amount of funds.

Tools Used

manual review

Recommendations

Add a timelock that prevents these critical changes from taking effect immediately, or account for the periods during which a loan was subject to different interest rates. E.g. if 99% of the loan's lifetime was at an interest rate of 0% and only 1% of its lifetime at 1000%, the `_calculateInterest(loan)` function should take that into account.
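As an added example, not code from this submission or from the audited Lender.sol, the contract below sketches both mitigations for the frontrun described in Vulnerability Details: rate changes are queued behind a delay, and every rate that takes effect is recorded as a checkpoint so that `_calculateInterest` weights each rate by the time it was actually in force. All names (`TimeWeightedLender`, `RateCheckpoint`, `proposeRate`, `applyRate`, `RATE_DELAY`) and the basis-point/annualised arithmetic are assumptions for illustration, not the protocol's own design.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration (not the audited Lender.sol). Two defences against a lender
// changing the rate immediately before a borrower's repay() is mined:
//   1. proposeRate/applyRate: a new rate is announced first and can only take
//      effect after RATE_DELAY, so the change is public before it applies.
//   2. Rate checkpoints: interest is the sum over each interval of
//      principal * rate * seconds / (YEAR * 10_000), so even an applied
//      increase only touches the seconds that follow it.
contract TimeWeightedLender {
    uint256 public constant RATE_DELAY = 1 days;     // assumed delay before a rate applies
    uint256 public constant MAX_RATE_BPS = 100_000;  // 1000% expressed in basis points
    uint256 public constant YEAR = 365 days;

    struct RateCheckpoint { uint64 since; uint256 rateBps; }
    struct Pool {
        address lender;
        RateCheckpoint[] history;   // strictly increasing `since`, first entry at pool creation
        uint256 pendingRate;
        uint64 pendingAt;           // 0 when nothing is queued
    }
    struct Loan { uint256 poolId; uint256 principal; uint64 startTime; }

    Pool[] public pools;
    Loan[] public loans;

    function createPool(uint256 rateBps) external returns (uint256 id) {
        require(rateBps <= MAX_RATE_BPS, "rate too high");
        pools.push();
        id = pools.length - 1;
        pools[id].lender = msg.sender;
        pools[id].history.push(RateCheckpoint(uint64(block.timestamp), rateBps));
    }

    // Step 1: the lender may only announce a rate; it cannot apply before RATE_DELAY elapses.
    function proposeRate(uint256 poolId, uint256 newRateBps) external {
        Pool storage p = pools[poolId];
        require(msg.sender == p.lender, "not lender");
        require(newRateBps <= MAX_RATE_BPS, "rate too high");
        p.pendingRate = newRateBps;
        p.pendingAt = uint64(block.timestamp + RATE_DELAY);
    }

    // Step 2: once the delay has passed, anyone may apply the queued rate. The checkpoint
    // starts at the moment of application, never retroactively.
    function applyRate(uint256 poolId) external {
        Pool storage p = pools[poolId];
        require(p.pendingAt != 0 && block.timestamp >= p.pendingAt, "rate change not ready");
        p.history.push(RateCheckpoint(uint64(block.timestamp), p.pendingRate));
        p.pendingAt = 0;
        p.pendingRate = 0;
    }

    function borrow(uint256 poolId, uint256 principal) external returns (uint256 id) {
        require(poolId < pools.length, "no such pool");
        loans.push(Loan(poolId, principal, uint64(block.timestamp)));
        id = loans.length - 1;
    }

    // Time-weighted accrual: walk the pool's rate history and charge each interval
    // only for the part of it that overlaps the loan's lifetime.
    function _calculateInterest(Loan memory loan) internal view returns (uint256 interest) {
        RateCheckpoint[] storage h = pools[loan.poolId].history;
        uint256 end = block.timestamp;
        for (uint256 i = 0; i < h.length; i++) {
            uint256 from = h[i].since;
            uint256 to = (i + 1 < h.length) ? uint256(h[i + 1].since) : end;
            if (from < loan.startTime) from = loan.startTime;   // clip to loan start
            if (to > end) to = end;                             // clip to now
            if (to <= from) continue;                           // interval entirely outside the loan
            interest += loan.principal * h[i].rateBps * (to - from) / (YEAR * 10_000);
        }
    }

    function interestOwed(uint256 loanId) external view returns (uint256) {
        return _calculateInterest(loans[loanId]);
    }
}
```

With this layout, a lender who queues a 1000% rate while watching for a repayment gains nothing: the rate cannot apply for `RATE_DELAY`, and once it does apply it accrues only from that block onward, so a loan that spent most of its life at the old rate is charged accordingly. Either defence alone closes the mempool-watching path described above; using both also removes the incentive to time an increase just before repayment.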
