New loan auction length not updated
Summary
New loan auction length is not updated after a lender calls the giveLoan function.
Vulnerability Details
There is already a check in the giveLoan function here (https://github.com/Cyfrin/2023-07-beedle/blob/658e046bda8b010a5b82d2d85e824f3823602d27/src/Lender.sol#L375C30-L375C30) that the new pool's auction length is greater than or equal to that of the old pool's auction length. The loan's auction length is however, not updated.
Impact
Borrower would be subjected to first loan's auction length and the new lender, to whose pool the loan was given, would be subjected to the auction length of the old pool which could be a little or a lot shorter that he wants or explicitly accepts as stated in his pool. It is okay to not update the pool.auctionLength in the buyLoan function as it should only be called by the new pool owner so they expressly accept the condition. That is not the case with the giveLoan function.
Side note: In the buyLoan function, there is currently no check that the function is called by the pool owner but that has been submitted in a separate issue. I assume there that the will been fixed.
Tools Used
Recommendations
The loan auction length should be updated to be the new lender's auction length term. If this is done, the borrower's position does not get worse as the longer auction length gives them more time to repay which is good.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.