Moonwell

DeFiFoundry

15,000 USDC

View results

Previous Next

Submission Details

Severity: medium

Invalid

Lack of input Validation and Check on function `repayBadDebtWithCash` in the `MErc20DelegateFixer` contract

kind0devpro

Summary

The repayBadDebtWithCash function in the MErc20DelegateFixer contract has several vulnerabilities that could potentially be exploited by malicious actors. These vulnerabilities include lack of proper input validation, allowing the repayment of bad debt by non-bad debtors, and absence of checks to ensure that the amount being repaid does not exceed the current bad debt amount.

Vulnerability Details

Lack of Input Validation

The repayBadDebtWithCash function in the MErc20DelegateFixer contract lacks proper input validation. This means that the function does not check whether the amount being repaid is valid, leading to potential issues if the amount is negative.

Code Sample:

function repayBadDebtWithCash(uint256 amount) external nonReentrant {

// No input validation checks are performed

// This could lead to unexpected behavior if the amount is negative

// Vulnerable code:

badDebt = SafeMath.sub(badDebt, amount, "amount exceeds bad debt");

EIP20Interface token = EIP20Interface(underlying);

/// Interactions

require(

token.transferFrom(msg.sender, address(this), amount),

"transfer in failed"

);

emit BadDebtRepayed(amount);

}

###Repayment by Non-Bad Debtors
There are no checks in place to prevent non-bad debtors from repaying debt using the repayBadDebtWithCash function. This could allow unauthorized users to manipulate the bad debt counter and affect the overall integrity of the protocol.

Code Sample:

function repayBadDebtWithCash(uint256 amount) external nonReentrant {

// Lack of checks to ensure that only bad debtors can repay debt

// This could allow non-bad debtors to manipulate the bad debt counter

// Vulnerable code:

badDebt = SafeMath.sub(badDebt, amount, "amount exceeds bad debt");

EIP20Interface token = EIP20Interface(underlying);

/// Interactions

require(

token.transferFrom(msg.sender, address(this), amount),

"transfer in failed"

);

emit BadDebtRepayed(amount);

}

Impact

The vulnerabilities in the repayBadDebtWithCash function pose significant risks to the security and stability of the protocol. Malicious actors could potentially exploit these vulnerabilities to manipulate the bad debt counter, drain funds from the protocol, or disrupt the lending and borrowing process.

Tools Used

No specific tools were used for this competitive audit report. The vulnerabilities were identified through manual code review and analysis.

Recommendations

To address the vulnerabilities identified in the repayBadDebtWithCash function of the MErc20DelegateFixer contract, the following recommendations are suggested:

1. Implement Input Validation

It is essential to include proper input validation checks to ensure that the amount being repaid is valid. Below is an example of how input validation can be added to the function:

function repayBadDebtWithCash(uint256 amount) external nonReentrant {

require(amount > 0, "Amount must be greater than zero");

badDebt = SafeMath.sub(badDebt, amount, "amount exceeds bad debt");

EIP20Interface token = EIP20Interface(underlying);

/// Interactions

require(

token.transferFrom(msg.sender, address(this), amount),

"transfer in failed"

);

emit BadDebtRepayed(amount);

}

2.Restrict Repayment to Bad Debtors

To prevent non-bad debtors from using the repayBadDebtWithCash function, additional checks should be implemented to ensure that only bad debtors can repay debt. Here's an example of how this can be achieved:

function repayBadDebtWithCash(uint256 amount) external nonReentrant {

require(amount > 0, "Amount must be greater than zero");

require(amount <= badDebt, "Amount cannot exceed bad debt");

require(borrowBalanceStored(msg.sender) < 0, "Only bad debtors can repay debt");

badDebt = SafeMath.sub(badDebt, amount, "amount exceeds bad debt");

EIP20Interface token = EIP20Interface(underlying);

/// Interactions

require(

token.transferFrom(msg.sender, address(this), amount),

"transfer in failed"

);

emit BadDebtRepayed(amount);

}

By implementing these recommendations, the security and integrity of the MErc20DelegateFixer contract can be enhanced, mitigating the identified vulnerabilities.

Updates

Lead Judging Commences

0xnevi Lead Judge about 1 year ago

Submission Judgement Published

Invalidated

Reason: Other

Prize pool breakdown

Total prize

15,000 USDC

nSLOC

394

38 USDC / LOC

High Medium

14,000 USDC

Low

1,000 USDC

Judges

1,500 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.