The Lender contract is vulnerable to a critical issue where loans can be purchased with fake token pools, which can be used to grief loan refinancing or repayments.
The vulnerability arises because the contract does not verify the collateralToken and loanToken of the pool being purchased against the actual loan data before allowing the purchase. This oversight enables malicious lenders to create arbitrary pools with useless loan and collateral tokens and use the poolId for purchasing loans.
Borrowers whose loans are transferred to fake pools face significant challenges in repaying or refinancing their loans. Since the poolId derived from the loan data does not correspond to a valid pool, every attempt to repay or refinance is reverted, leaving the borrower's collateral stuck indefinitely.
Manual Review
To address this critical vulnerability, the contract must implement proper validation checks to ensure that the loan being purchased is associated with a valid and verified token pool. Specifically, the contract should verify the loanToken and collateralToken against the purchase pool's token information before allowing the loan purchase to proceed. By doing so, the contract can prevent the purchase of loans from fake pools and protect borrowers from potential loan repayment grief.
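A sketch of the recommended check, as an added example in a simplified model rather than the audited Lender code. The contract name, function names, struct layout and error names are assumptions, and token transfers, interest and the auction step are left out.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;
/// Added illustration: a simplified model, not the audited Lender contract.
/// All names are assumptions; token transfers, interest and auctions are omitted.
contract LenderModel {
    struct Pool { address lender; address loanToken; address collateralToken; uint256 balance; }
    struct Loan { address lender; address borrower; address loanToken; address collateralToken; uint256 debt; }
    mapping(bytes32 => Pool) public pools;
    Loan[] public loans;
    error PoolNotFound();
    error TokenMismatch();

    function getPoolId(address lender, address loanToken, address collateralToken) public pure returns (bytes32) {
        return keccak256(abi.encode(lender, loanToken, collateralToken));
    }

    /// Anyone can register a pool for any token pair, including worthless tokens.
    function setPool(address loanToken, address collateralToken, uint256 balance) external returns (bytes32 poolId) {
        poolId = getPoolId(msg.sender, loanToken, collateralToken);
        pools[poolId] = Pool(msg.sender, loanToken, collateralToken, balance);
    }

    function borrow(bytes32 poolId, uint256 debt) external returns (uint256 loanId) {
        Pool storage pool = pools[poolId];
        if (pool.lender == address(0)) revert PoolNotFound();
        pool.balance -= debt;
        loans.push(Loan(pool.lender, msg.sender, pool.loanToken, pool.collateralToken, debt));
        loanId = loans.length - 1;
    }

    function buyLoan(uint256 loanId, bytes32 poolId) external {
        Loan storage loan = loans[loanId];
        Pool storage pool = pools[poolId];
        if (pool.lender == address(0)) revert PoolNotFound();
        // Recommended check: the buying pool must use the loan's own token pair.
        if (pool.loanToken != loan.loanToken || pool.collateralToken != loan.collateralToken) revert TokenMismatch();
        pool.balance -= loan.debt;
        loan.lender = pool.lender; // the loan now belongs to the buying pool's lender
    }

    /// Repayment re-derives the pool id from the loan data, so it needs a real pool behind it.
    function repay(uint256 loanId) external {
        Loan storage loan = loans[loanId];
        bytes32 poolId = getPoolId(loan.lender, loan.loanToken, loan.collateralToken);
        if (pools[poolId].lender == address(0)) revert PoolNotFound();
        pools[poolId].balance += loan.debt;
        delete loans[loanId];
    }
}
```

With the `TokenMismatch` check in place, the id that `repay` derives from the loan data always equals the id of the pool that bought the loan. Without it, `loan.lender` can point at a lender who has no pool for the loan's tokens, and `repay` reverts with `PoolNotFound` in this model.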