Submission Details
Severity: medium
Valid

Vulnerability in borrow Function - Market Parameter Manipulation

Summary

The borrow() function in Lender.sol is susceptible to a vulnerability where a malicious lender can manipulate market parameters, such as the interestRate, while a borrower's transaction is still pending in the mempool. This manipulation can result in unfavorable loan terms for the borrower, potentially leading to financial losses or undesirable borrowing conditions.

Vulnerability Details

The borrow() function retrieves market parameters, such as interestRate, minLoanSize, and maxLoanRatio, from the Pool struct before creating the loan. However, these parameters can be changed by a malicious lender while a borrower's transaction is pending in the mempool. As a result, there can be a discrepancy between the parameters at the time of loan creation and the actual parameters when the transaction is confirmed.

For instance, if a malicious lender increases the interestRate for new loans while a borrower's transaction is pending, the borrower will receive less favorable loan terms than initially expected.

Impact

The vulnerability can have the following impact on the protocol:

Unfavorable Loan Terms: Borrowers may receive loans with less favorable terms than they intended, leading to higher interest rates or reduced borrowing capacity.

Financial Losses: Borrowers could suffer financial losses due to unexpected changes in loan parameters, potentially impacting their ability to repay the loan.

Tools Used

Manual Review

Recommendations

Take every parameter that determines the loan terms (interestRate, minLoanSize, maxLoanRatio) as an input of borrow() and compare each one to the value in the Pool struct, so the borrower explicitly agrees to the terms; revert if any of them differ.
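The recommended check, as an added illustration that is not the audited Lender.sol: borrow() takes the terms the borrower reviewed and reverts if the pool's terms at execution time differ, so a lender's term change mined ahead of the borrow cannot silently alter the deal. The createPool/updateTerms helpers, the rate and ratio units and the collateral-ratio formula are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Illustrative contract, not the audited Lender.sol. Field names mirror the
// report (interestRate, minLoanSize, maxLoanRatio); everything else is assumed.
contract LenderExample {
    struct Pool {
        address lender;
        uint256 interestRate; // assumed unit: basis points per year
        uint256 minLoanSize;
        uint256 maxLoanRatio; // assumed unit: debt per unit of collateral, 1e18 scale
        uint256 poolBalance;
    }
    struct Loan { address borrower; uint256 debt; uint256 collateral; uint256 interestRate; }

    error NotLender();
    error PoolTermsChanged(bytes32 poolId);
    error LoanTooSmall();
    error RatioTooHigh();

    mapping(bytes32 => Pool) public pools;
    Loan[] public loans;

    function createPool(bytes32 poolId, uint256 rate, uint256 minSize, uint256 maxRatio) external payable {
        pools[poolId] = Pool(msg.sender, rate, minSize, maxRatio, msg.value);
    }

    // The lender can retune terms at any moment, including between a borrower
    // signing borrow() and that transaction being mined.
    function updateTerms(bytes32 poolId, uint256 rate, uint256 minSize, uint256 maxRatio) external {
        Pool storage p = pools[poolId];
        if (p.lender != msg.sender) revert NotLender();
        (p.interestRate, p.minLoanSize, p.maxLoanRatio) = (rate, minSize, maxRatio);
    }

    // Hardened borrow(): the borrower supplies the terms they reviewed, and the
    // call reverts if the pool's terms at execution time differ from them.
    function borrow(bytes32 poolId, uint256 debt, uint256 expectedRate, uint256 expectedMinSize, uint256 expectedMaxRatio)
        external payable returns (uint256 loanId)
    {
        Pool storage p = pools[poolId];
        if (p.interestRate != expectedRate || p.minLoanSize != expectedMinSize || p.maxLoanRatio != expectedMaxRatio) {
            revert PoolTermsChanged(poolId);
        }
        if (debt < p.minLoanSize) revert LoanTooSmall();
        if (msg.value == 0 || debt * 1e18 / msg.value > p.maxLoanRatio) revert RatioTooHigh();
        p.poolBalance -= debt; // reverts on underflow in Solidity 0.8
        loans.push(Loan(msg.sender, debt, msg.value, p.interestRate));
        loanId = loans.length - 1;
        payable(msg.sender).transfer(debt); // state updated before the external call
    }
}
```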

Here is an instance of a similar vulnerability accepted before:
https://github.com/sherlock-audit/2023-03-teller-judging/issues/205
