Borrower can avoid auction by refinancing to same pool
Summary
Borrower can avoid auction by refinancing to same pool. As result lender will not be able to sell this loan.
Vulnerability Details
When lender decided to quit loan, then he can start auction. The anyone can buy this loan during auction time. In case if no one bought it, then owner can seize loan. So the main purpose of lender is to get funds back and quit loan.
But malicious borrower can see that and call refinance for that loan and provide same pool. As result his auctionStartTimestamp will be reset and lender will need to start auction again. As rate increases with time, that means that usually no one will buy this loan early and they will wait some time, for example 1 day(depends on auction length).
This makes such approach to not be as costly, as borrower will need to refinance once a day to block lender and have good rate.
But this makes big problems for the lender who wants back his funds as he need to wait more. Of course, lender has ability to block refinance(by removing funds from pool), but this can be not convenient and needs additional work.
In same way borrower can frontrun seizeLoan.
Impact
Lender can't quit loan.
Tools Used
VsCode
Recommendations
Maybe don't allow borrower to refinance to same pool. Or do not allow to do that when auction is started.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.