20,000 USDC
View results
Submission Details
Severity: medium

The auction duration doesn't get reset upon buying an auctioned loan

Summary

Buying a loan will not change it's auctionLength, leaving it as the old amount it was previously.

Vulnerability Details

When buying a loan placed at a dutch auction with buyLoan() the auctionLength parameter of the loan at hand doesn't get updated to the new pool's auctionLength.

loans[loanId].lender = msg.sender;
loans[loanId].interestRate = pools[poolId].interestRate;
loans[loanId].startTimestamp = block.timestamp;
loans[loanId].auctionStartTimestamp = type(uint256).max;
loans[loanId].debt = totalDebt;
// @audit the auctionLength doesn't get mutated

This presents an issue as loans are supposed to be changed to the new pool's conditions upon getting bought out by that particular pool.

Impact

The new loan will not comply with its new pool's conditions. If the old auctionLength was longer than what the pool is using it can actually even damage the loan's new lender if they decide to auction it as well.

Tools Used

Manual Review

Recommendations

Consider updating the auctionLength of the loan the same way the interestRate gets changed.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.