20,000 USDC
Submission Details
Severity: medium

Users cannot create pools with the same loan and collateral tokens, but different interest

Summary

Because of how pool ids are generated, a lender cannot have multiple pools with the same collateral and loan tokens but different loan conditions.

Vulnerability Details

getPoolId() generates each pool's unique id from the user's address, the loan token and the collateral token. None of the pool's conditions are part of that id, so two pools from the same user with the same collateral and loan tokens but different conditions get the same identifier, and the second pool cannot be created.

    function getPoolId(
        address lender,
        address loanToken,
        address collateralToken
    ) public pure returns (bytes32 poolId) {
        // @audit This limits the lender from having multiple pools with different conditions
        poolId = keccak256(abi.encode(lender, loanToken, collateralToken));
    }

Impact

A user cannot create multiple pools with the same tokens, but different conditions, thus limiting their options in leveraging the protocol.

Tools Used

Manual Review

Recommendations

Consider adding the following parameters to the calculation of unique ids for pools:

minLoanSize, maxLoanRatio, auctionLength, interestRate.

This way each pool's id will be truly unique, allowing for more flexibility on the user's side.
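
The recommendation as a sketch, added here as an illustration and not taken from the audited code base: the contract name, `Terms` struct, `getPoolIdWithTerms`, `compare`, the `uint256` field types and the sample values are all assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

/// Added illustration; not the audited protocol's code.
contract PoolIdExample {
    // Field types are assumed; the report only names the four fields.
    struct Terms {
        uint256 minLoanSize;
        uint256 maxLoanRatio;
        uint256 auctionLength;
        uint256 interestRate;
    }

    /// Id as quoted in the report: the pool's terms are not hashed.
    function getPoolId(address lender, address loanToken, address collateralToken)
        public pure returns (bytes32)
    {
        return keccak256(abi.encode(lender, loanToken, collateralToken));
    }

    /// Id with the four recommended fields mixed in (hypothetical function).
    function getPoolIdWithTerms(
        address lender, address loanToken, address collateralToken, Terms memory t
    ) public pure returns (bytes32) {
        return keccak256(abi.encode(
            lender, loanToken, collateralToken,
            t.minLoanSize, t.maxLoanRatio, t.auctionLength, t.interestRate
        ));
    }

    /// Two pools from one lender that differ only in interest rate.
    /// Returns (true, false): the quoted id collides, the extended id does not.
    function compare(address lender, address loanToken, address collateralToken)
        external pure returns (bool oldCollide, bool newCollide)
    {
        Terms memory a = Terms(100e18, 2e18, 1 days, 500);  // constructed sample values
        Terms memory b = Terms(100e18, 2e18, 1 days, 1000); // same pool, other rate
        // The quoted id ignores a and b entirely, so both pools map to one id.
        oldCollide = getPoolId(lender, loanToken, collateralToken)
            == getPoolId(lender, loanToken, collateralToken);
        newCollide = getPoolIdWithTerms(lender, loanToken, collateralToken, a)
            == getPoolIdWithTerms(lender, loanToken, collateralToken, b);
    }
}
```

With the terms inside the hash, changing any of the four values on an existing pool yields a different id, so any path that edits a pool's terms in place has to account for that.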
