Submission Details
Severity:
User may front-run borrower repaying X amount of his debt, when he repays only small amount Y - X + 1, where Y is all minted tokens
Summary
Currently anybody can repay loan for another address with arbitrary amount
The decision is adequate, but it can lead to delay when a user try to repay all of his dept
Vulnerability Details
-
Example:
-
Bob has dept of 100e18 EURO
-
She wants to repay it, but Eve front-run his transaction with only 1 wei
-
If Bob is end user, he may miss what is happening and try again
-
The same scenario can be repeated
Impact
In some edge cases it may be crucial to delay user’s loan being repayed and liquidate him
Tools Used
Manual Review
Recommendations
If the provided amount is larger than minted tokens, burn all minted:
function burn(uint256 _amount) external ifMinted(_amount) {
uint256 fee = _amount * ISmartVaultManagerV3(manager).burnFeeRate() / ISmartVaultManagerV3(manager).HUNDRED_PC();
+ if(_amount > minted) _amount = minted;
minted = minted - _amount;
EUROs.burn(msg.sender, _amount);
IERC20(address(EUROs)).safeTransferFrom(msg.sender, ISmartVaultManagerV3(manager).protocol(), fee);
emit EUROsBurned(_amount, fee);
}
Updates
Lead Judging Commences
hrishibhat over 1 year ago
Submission Judgement Published Reason: Non-acceptable severity
Assigned finding tags:
informational/invalid
Prize pool breakdown
Total prize
20,000 USDC
nSLOC
60933 USDC / LOC
17,500 USDC
2,500 USDC
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.