Submission Details
Severity: high

A borrower can borrow more than their collateral can back up

Summary

A borrower can borrow more than their collateral can back up.

Vulnerability Details

In Lender.sol, borrow() allows anyone to borrow a loan from a pool, even if they do not have the collateral to back up the loan. This means that a malicious borrower could borrow a loan and then default on the loan, which could cause financial losses for the pool.

Impact

For example, a malicious borrower borrows 1000 loan tokens from a pool but has only 500 collateral tokens to back up the loan. If the borrower then defaults on the loan, the pool would be left with a loss of 500 loan tokens.

A malicious borrower could exploit this vulnerability to gain an unfair advantage over other borrowers: they could borrow a large amount of loan tokens without having to provide any collateral, and then default on the loan. This would effectively allow the malicious borrower to steal the loan tokens from the pool.

Tools Used

Manual Review

Recommendations

Add require(collateral >= debt && loanRatio <= pool.maxLoanRatio, "Not enough collateral");
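The recommended check in context, as an added example that is not the audited Lender.sol code. The contract name, the Pool struct layout, the poolBalance field, the 1e18 scaling of loanRatio and the checkBorrow function are assumptions made for illustration; only the require statement and the names collateral, debt, loanRatio and pool.maxLoanRatio come from the recommendation above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

/// Added illustration only; not the audited Lender.sol.
contract BorrowCheckExample {
    struct Pool {
        uint256 maxLoanRatio; // max debt per unit of collateral, scaled by 1e18 (assumed scaling)
        uint256 poolBalance;  // loan tokens available to lend (assumed field)
    }

    uint256 private constant RATIO_SCALE = 1e18; // assumed fixed-point scale

    Pool public pool;

    constructor(uint256 maxLoanRatio, uint256 poolBalance) {
        pool = Pool({maxLoanRatio: maxLoanRatio, poolBalance: poolBalance});
    }

    /// Reverts unless the requested debt is backed by the offered collateral.
    /// A real borrow() would run these checks before transferring any tokens.
    function checkBorrow(uint256 debt, uint256 collateral)
        public
        view
        returns (uint256 loanRatio)
    {
        // Reject zero collateral explicitly so the ratio below never divides by zero.
        require(collateral > 0, "Zero collateral");
        require(debt > 0 && debt <= pool.poolBalance, "Bad debt amount");

        // Debt per unit of collateral, in 1e18 fixed point.
        loanRatio = (debt * RATIO_SCALE) / collateral;

        // The check from the recommendation, applied as written.
        require(
            collateral >= debt && loanRatio <= pool.maxLoanRatio,
            "Not enough collateral"
        );
    }
}
```

With the figures from the Impact section (debt 1000, collateral 500), the first clause of the recommended require fails and the call reverts with "Not enough collateral". The clause collateral >= debt compares raw token amounts, so it assumes both tokens use the same decimals and are valued one to one.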
