20,000 USDC
Submission Details
Severity: high
Valid

Users' loan debt can be increased involuntarily by the interest already accrued

Summary

A user's loan debt can be increased by the pool lender if they decide to give the loan to another pool.

Vulnerability Details

Lender.sol's giveLoan() hands an already active loan over to another pool. The old pool lender's accrued interest and the protocol fees are paid out of the new pool's balance, and the loan's recorded debt is then set to debt + lender interest + protocol interest. In other words, interest that has already accrued is folded into the borrower's principal, and future interest accrues on that larger amount.

```solidity
function giveLoan(
    uint256[] calldata loanIds,
    bytes32[] calldata poolIds
) external {
    // Accrued interest for the old lender plus the protocol's share is
    // added on top of the outstanding debt.
    uint256 totalDebt = loan.debt + lenderInterest + protocolInterest;
    ...
    // The loan is re-based: from here on interest accrues on totalDebt,
    // not on the amount the borrower originally received.
    loans[loanId].debt = totalDebt;
    ...
}
```

From this point on the user is charged interest on a larger base and has to repay a larger amount. This is an issue because the user never approved such an action and did nothing wrong (e.g. they did not fall below the required collateral ratio and get liquidated). It outright punishes the user in a way the user cannot prevent.

Impact

The user is charged more interest because the recorded debt is higher than it is supposed to be. The impact is therefore a direct loss of funds.

Tools Used

Manual Review

Recommendations

Consider re-implementing the loan-giving logic so that it does not penalise users who are participating in the protocol as intended. Such a debt increase should only happen when the loan is refinanced as the result of an auction.
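To make the effect concrete, the following is an added Python model of the two accounting choices; it is a constructed example, not Beedle or Lender.sol code. The simple-interest formula, the Loan fields, the 12 percent rate and the monthly hand-over schedule are all assumptions chosen so that the numbers come out exactly. The "capitalising" path mirrors what giveLoan does (accrued interest becomes interest-bearing debt); the "separate claim" path keeps the principal fixed and records interest already accrued as a non-compounding amount owed, which is one way to satisfy the recommendation above.

```python
from dataclasses import dataclass

YEAR = 365 * 24 * 3600   # seconds in a year
BPS = 10_000             # basis points per unit


@dataclass
class Loan:
    principal: int      # interest-bearing base (in the vulnerable path this is loan.debt)
    owed_interest: int  # interest already accrued and owed, but not itself earning interest
    rate_bps: int       # yearly interest rate in basis points (assumed simple interest)
    last_accrual: int   # timestamp of the last accrual


def accrue(base: int, rate_bps: int, elapsed: int) -> int:
    """Simple interest on `base` over `elapsed` seconds (integer maths, as in Solidity)."""
    return base * rate_bps * elapsed // (YEAR * BPS)


def give_loan(loan: Loan, now: int, capitalise: bool) -> Loan:
    """Hand the loan to a new pool at time `now`.

    capitalise=True models the vulnerable giveLoan(): the interest the new pool
    paid the old lender is added to the interest-bearing debt.
    capitalise=False models a hardened design: the amount is recorded as a
    separate claim on the borrower, and interest keeps accruing on the
    original principal only.
    """
    interest = accrue(loan.principal, loan.rate_bps, now - loan.last_accrual)
    if capitalise:
        return Loan(loan.principal + interest, loan.owed_interest, loan.rate_bps, now)
    return Loan(loan.principal, loan.owed_interest + interest, loan.rate_bps, now)


def amount_owed(loan: Loan, now: int) -> int:
    """Total the borrower must repay at time `now`."""
    pending = accrue(loan.principal, loan.rate_bps, now - loan.last_accrual)
    return loan.principal + loan.owed_interest + pending


def simulate(principal: int, rate_bps: int, duration: int,
             transfers: int, capitalise: bool) -> int:
    """Amount owed after `duration` seconds when the loan is handed over
    `transfers` times at evenly spaced intervals (transfers=0 is the baseline)."""
    loan = Loan(principal, 0, rate_bps, 0)
    interval = duration // (transfers + 1)
    for k in range(1, transfers + 1):
        loan = give_loan(loan, k * interval, capitalise)
    return amount_owed(loan, duration)


if __name__ == "__main__":
    # Constructed scenario: 1000 tokens (18 decimals) at 12% for one year,
    # with the loan handed to a new pool eleven times (once a "month").
    principal, rate, duration = 10**21, 1200, YEAR
    baseline = simulate(principal, rate, duration, 0, True)
    vulnerable = simulate(principal, rate, duration, 11, True)
    hardened = simulate(principal, rate, duration, 11, False)
    print("no hand-overs:            ", baseline)
    print("11 hand-overs, capitalised:", vulnerable)
    print("11 hand-overs, separate:   ", hardened)
    print("extra paid by borrower:    ", vulnerable - baseline)
```

With these inputs the borrower who was never consulted ends up owing roughly 0.68% of the principal more than the loan terms imply, purely because of how often lenders chose to hand the loan on; the separate-claim variant charges exactly the baseline amount regardless of the number of hand-overs.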
