Multiple functions within the Lender contract do not follow the checks-effects-interactions (CEI) pattern and are also unprotected by the nonReentrant modifier. This makes the platform vulnerable to attackers who can use malicious ERC20 tokens and reentrancy attacks.
All the major functions of the Lender contract, such as setPool, borrow, repay, giveLoan, buyLoan, seizeLoan and refinance, do not follow the commonly known checks-effects-interactions (CEI) pattern. On top of that, these functions are missing the nonReentrant modifier provided by OpenZeppelin's ReentrancyGuard. Without this, the contract is highly vulnerable to reentrancy attacks by attackers using malicious ERC20 tokens.
The attacker starts by creating a malicious ERC20 token contract and creates a pool pair for it. Using a different address, the attacker then "borrows" tokens from this malicious ERC20 token pair. Since the Lender contract doesn't have the necessary protections in place, the attacker will be able to re-enter the contract. With this, the attacker has a wide range of options for exploitation.
They could manipulate the contract's logic, change states, or in the worst-case scenario, drain all of the funds from the contract using a reentrancy attack, due to the lack of the CEI pattern and the missing nonReentrant modifier.
VS Code
Hardhat
Manual Review
Make sure all internal state changes are performed before the external call is executed, also known as the Checks-Effects-Interactions pattern.
Use a reentrancy lock (OpenZeppelin's ReentrancyGuard).
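Both recommendations applied to a repay-style function, as an added example that is not the audited Lender code. The contract `LenderSketch`, its `Loan` struct, and the functions `openLoan`, `repayUnsafe` and `repay` are hypothetical; the import path assumes OpenZeppelin Contracts v4 (in v5 the guard lives under `utils/`).

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
// Assumption: OpenZeppelin v4 path; v5 uses utils/ReentrancyGuard.sol.
import {ReentrancyGuard} from "@openzeppelin/contracts/security/ReentrancyGuard.sol";

// Hypothetical, simplified lending contract used only to show the ordering.
contract LenderSketch is ReentrancyGuard {
    struct Loan {
        address borrower;
        address lender;
        address loanToken; // arbitrary ERC20, so its code is untrusted
        uint256 debt;
    }

    Loan[] public loans;

    function openLoan(address borrower, address token, uint256 amount) external nonReentrant {
        require(amount != 0, "zero amount");                       // check
        loans.push(Loan(borrower, msg.sender, token, amount));     // effect
        require(IERC20(token).transferFrom(msg.sender, borrower, amount), "transfer failed"); // interaction
    }

    // Unsafe ordering, kept for comparison: the token call runs while the
    // loan record still exists, so a token that calls back from transferFrom
    // finds stale state, and nothing blocks the nested call.
    function repayUnsafe(uint256 loanId) external {
        Loan memory loan = loans[loanId];
        require(loan.debt != 0, "no loan");
        IERC20(loan.loanToken).transferFrom(msg.sender, loan.lender, loan.debt); // interaction first
        delete loans[loanId];                                                    // effect too late
    }

    // Hardened: checks, then effects, then interactions, under a reentrancy lock.
    function repay(uint256 loanId) external nonReentrant {
        Loan memory loan = loans[loanId];   // check: reverts if loanId is out of range
        require(loan.debt != 0, "no loan");
        delete loans[loanId];               // effect: state is final before any external call
        bool ok = IERC20(loan.loanToken).transferFrom(msg.sender, loan.lender, loan.debt);
        require(ok, "transfer failed");     // interaction last; a revert restores the loan
    }
}
```

The lock and the ordering are complementary: `nonReentrant` blocks nested calls into any guarded function of the same contract, while CEI keeps state consistent even for paths the lock does not cover.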