Submission Details
Severity: high
Valid

Borrower can grief lender via refinancing

Summary

Borrowers can grief the lender of the loan they have taken via refinance functionality.

Vulnerability Details

Beedle lets a borrower find a better deal on an ongoing loan via refinance(), which moves the loan to another lender pool offering better terms.

This works as follows: the new lender's pool pays the old pool the debt accrued so far, and in return the future rights to interest and the claim to the collateral are transferred to the new pool. During this transition Beedle also charges the protocol interest to the new pool owner, which is fine in the normal scenario because the borrower is supposed to pay that interest anyway when repaying the loan.

However, a problem arises when the borrower refinances the loan to the same lender. The borrower has no incentive to do so, but if they do, the lender is charged the protocol interest unnecessarily, since the lender will be charged the same in the future anyway when the borrower repays the loan.

This means the lender pays the protocol interest unnecessarily each time the borrower calls refinance() with the current lender pool as the new pool.

Impact

Borrower can grief the lender

Tools Used

Manual review

Recommendations

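Since there is no utility in a borrower refinancing the loan to the same lender pool, add input validation for this case, as shown below:

// Pool the borrower wants to move the loan to
bytes32 poolId = refinances[i].poolId;
// Pool that currently holds the loan, derived from the loan's lender and token pair
bytes32 oldPoolId = keccak256(abi.encode(loans[loanId].lender, loans[loanId].loanToken, loans[loanId].collateralToken));
// Reject a refinance that would only charge the current lender the protocol interest
require(poolId != oldPoolId, "Can not refinance to same lender pool");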
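
The effect of the missing check can be seen in a simplified accounting model, added here as an illustration and not taken from Beedle's contracts. It models only what the report describes (the new pool pays the old pool's debt so far and is charged the protocol interest); the fee rate, balances, accrual amounts and all names are constructed assumptions, and the borrower's own settlement is omitted.

```python
from dataclasses import dataclass

FEE_BPS = 1000  # assumed protocol share of interest (10%), constructed value


@dataclass
class Loan:
    pool_id: str   # pool currently owed the debt
    debt: int      # principal owed
    accrued: int   # total interest accrued since the last (re)financing


def split_interest(accrued: int) -> tuple[int, int]:
    """Split accrued interest into (lender share, protocol share)."""
    protocol = accrued * FEE_BPS // 10_000
    return accrued - protocol, protocol


def refinance(pools: dict, loan: Loan, new_pool: str, guard: bool) -> int:
    """Move the loan to new_pool; return the protocol interest charged to it."""
    if guard and new_pool == loan.pool_id:
        raise ValueError("Can not refinance to same lender pool")
    lender_interest, protocol_interest = split_interest(loan.accrued)
    # New pool funds the old pool's debt so far and the protocol's cut.
    pools[new_pool] -= loan.debt + lender_interest + protocol_interest
    pools[loan.pool_id] += loan.debt + lender_interest
    loan.pool_id, loan.accrued = new_pool, 0
    return protocol_interest


def simulate(rounds: int, guard: bool, interest_per_round: int = 500) -> int:
    """Return how much pool "A" loses when its borrower refinances A -> A."""
    pools = {"A": 100_000}
    loan = Loan(pool_id="A", debt=10_000, accrued=0)
    start = pools["A"]
    for _ in range(rounds):
        loan.accrued = interest_per_round  # constructed accrual between calls
        try:
            refinance(pools, loan, "A", guard)
        except ValueError:
            break  # guarded version rejects the call, nothing is charged
    return start - pools["A"]


if __name__ == "__main__":
    print("loss without check:", simulate(5, guard=False))
    print("loss with check:   ", simulate(5, guard=True))
```

With the check in place the same-pool call is rejected and the pool balance is unchanged, while a refinance to a different pool still charges the protocol interest to the new pool as intended.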
