20,000 USDC
Submission Details
Severity: high
Valid

Having too many occurrences of "giveLoan" is unfair to borrowers

Summary

If the "giveLoan" function is called too many times with relatively small differences in interest rates, it will cause the borrower's debt to increase more and more.

Vulnerability Details

Let's take a look at how the "giveLoan" function calculates debt. Each time the "giveLoan" function is called, it adds the borrower's interest to the original debt and then overwrites the value of the original debt. This is an incorrect calculation method. Let's consider a scenario where the "giveLoan" function is called 2 times, and we'll simplify this calculation.

debt1 = (debt0 * interestRate * 1) + debt0
debt2 = (debt1 * interestRate * 1) + debt1

If the "giveLoan" function is not called, the calculation of the debt will be represented by the following equation:

debt2 = (debt0 * interestRate * 2) + debt0

Clearly, the previous calculation will result in the debt increasing over time due to the "giveLoan" function being called multiple times, which is incorrect. One possible exploitation is that a borrower could create multiple lending pools using different identities, with very slight differences in interest rates (to bypass the check for lower interest rates). Then, by calling the "giveLoan" function multiple times, the borrower's debt could become much larger than the original amount. This is a serious issue.

Impact

This will lead to an increase in the user's debt, resulting in financial losses.

Tools Used

vscode

Recommendations

Recommend changing the method of debt calculation by adding an additional variable to store the original debt.
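
The effect described above and the recommended fix, modelled off-chain as an added example (not code from the audited contract). The names Loan, give_loan and owed_after, the basis-point rate and the one-year time base are assumptions; the rate is held constant across handoffs to isolate the compounding effect.

```python
from dataclasses import dataclass

BPS = 10_000             # assumed rate unit: basis points per year
YEAR = 365 * 24 * 3600   # assumed time base, in seconds

def accrued(amount: int, rate_bps: int, elapsed: int) -> int:
    """Simple interest with floor division, as integer on-chain math would do."""
    return amount * rate_bps * elapsed // (BPS * YEAR)

@dataclass
class Loan:
    principal: int   # original debt, never overwritten (the recommended extra variable)
    debt: int        # running total owed; the flawed path also charges interest on it
    rate_bps: int
    start: int       # timestamp of the last handoff

def give_loan(loan: Loan, now: int, on_principal: bool) -> None:
    """Hand the loan to a new pool at time `now`, settling interest so far.

    on_principal=False models the reported behaviour: interest is computed on
    `debt` and folded back into it, so later interest is charged on interest.
    on_principal=True models the recommendation: interest is always computed
    on the stored original principal.
    """
    base = loan.principal if on_principal else loan.debt
    loan.debt += accrued(base, loan.rate_bps, now - loan.start)
    loan.start = now

def owed_after(principal: int, rate_bps: int, duration: int,
               handoffs: int, on_principal: bool) -> int:
    """Total owed at `duration` after `handoffs` evenly spaced give_loan calls."""
    loan = Loan(principal, principal, rate_bps, 0)
    for i in range(1, handoffs + 1):
        give_loan(loan, duration * i // (handoffs + 1), on_principal)
    base = loan.principal if on_principal else loan.debt
    return loan.debt + accrued(base, loan.rate_bps, duration - loan.start)

if __name__ == "__main__":
    # Constructed sample: 1,000,000 units borrowed at 10% per year for two years.
    for n in (0, 1, 11, 103):
        flawed = owed_after(1_000_000, 1_000, 2 * YEAR, n, on_principal=False)
        fixed = owed_after(1_000_000, 1_000, 2 * YEAR, n, on_principal=True)
        print(f"handoffs={n:3d}  flawed={flawed}  fixed={fixed}")
```

With the fix, floor division can only round the total slightly down as handoffs increase; it can never push the debt above the no-handoff amount.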
