20,000 USDC
Submission Details
Severity: low
Valid

removeFromPool can be front-run by a malicious address

Summary

removeFromPool can be front-run by a malicious user to DoS the pool or to take all of the loans in the pool.

Vulnerability Details

The lender of the pool uses removeFromPool to remove loan tokens, but a malicious user can see this transaction in the mempool, front-run it, and use borrow to take all of the loans and DoS the pool.

POC:

First Variant:
pool loans - 10000 tokens
maxLoanRatio - 30%
Alice (the lender of the pool) uses removeFromPool to remove 4000 tokens.
Bob sees this and uses borrow, setting the debt of the poolBalance. He pays more gas to front-run Alice's transaction, so the poolBalance is still 10000 tokens when his transaction executes.
Bob will take 7000 tokens.
Alice cannot remove 4000 tokens now.

Second Variant:
pool loans - 10000 tokens
maxLoanRatio - 50%
Alice (the lender of the pool) uses removeFromPool to remove 5000 tokens.
Bob sees this and uses borrow, setting the debt of the poolBalance. He pays more gas to front-run Alice's transaction, so the poolBalance is still 10000 tokens when his transaction executes.
Now Bob will have all of the loans in the pool and no one can borrow anymore. Alice cannot use removeFromPool anymore.
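
The order dependence in the first variant can be reproduced with a simplified accounting model. This is an added example, not code from Lender.sol or from the submission. The class and method names, the gas prices, and the rule that pending transactions execute highest gas price first are assumptions made for illustration, and maxLoanRatio is not modelled.

```python
from dataclasses import dataclass

class Revert(Exception):
    """Stands in for an EVM revert."""

@dataclass
class Pool:  # hypothetical model: tracks only the pool's loan-token balance
    lender: str
    pool_balance: int
    outstanding: int = 0

    def remove_from_pool(self, sender, amount):
        if sender != self.lender:
            raise Revert("unauthorized")
        if amount > self.pool_balance:  # checked subtraction would underflow
            raise Revert("insufficient poolBalance")
        self.pool_balance -= amount

    def borrow(self, sender, debt):
        if debt > self.pool_balance:
            raise Revert("debt exceeds poolBalance")
        self.pool_balance -= debt
        self.outstanding += debt

@dataclass
class Tx:
    sender: str
    gas_price: int
    method: str
    amount: int

def execute_block(pool, mempool):
    """Apply pending txs highest gas price first; return each sender's outcome."""
    results = {}
    for tx in sorted(mempool, key=lambda t: t.gas_price, reverse=True):
        try:
            getattr(pool, tx.method)(tx.sender, tx.amount)
            results[tx.sender] = "ok"
        except Revert as exc:
            results[tx.sender] = f"revert: {exc}"
    return results

def first_variant(bob_gas_price):
    """Constructed mempool using the first variant's numbers; Alice bids 20."""
    pool = Pool(lender="alice", pool_balance=10_000)
    mempool = [Tx("alice", 20, "remove_from_pool", 4_000),
               Tx("bob", bob_gas_price, "borrow", 7_000)]
    return execute_block(pool, mempool), pool.pool_balance
```

When Bob outbids Alice, her removal reverts against the remaining 3000 tokens; when he does not, her removal succeeds and his 7000-token borrow is the one that fails.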

Impact

Loss of funds. DoS. Unavailable functions.

Tools Used

Manual Review

Recommendations

https://github.com/Cyfrin/2023-07-beedle/blob/658e046bda8b010a5b82d2d85e824f3823602d27/src/Lender.sol#L201
Add:
// revert when the pool no longer holds `amount`
if (pools[poolId].poolBalance < amount) { revert(); }
