Any borrower can avoid liquidation by doing a `refinance` with small amounts of tokens
Summary
Any borrower that has a loan due to be seized can call refinance with small amount and move his loan to a different pool, stopping the liquidation/seizing.
Vulnerability Details
When an auction is started on any loan it's start time is set and from this moment on-wards the pool owner who started the auction can call seizeLoan to seize the loan and claim it's collateral. However any borrower can set up a fron-runner bot and when he sees that his loan is gonna be seized he can call refinance with small amount of collateral/loan tokens and move his loan to another pool, and because with refinance the loan auction start time is reset it's pending call to seizeLoan will also fail.
This is all possible mainly because under refinance the borrower is not expected to pay any part for his loan, as long as he matches the next pool loan to collateral ratio he is free to move.
Impact
Borrower can DoS seizeLoan making his function not sizable.
Tools Used
Manual review
Recommendations
Place a if statement that prohibits a borrower to call refinance.
Or make him pay some part of the loan in order to be eligible to refinance.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.