If builder is replaying the lender not so long after getting funded the builder can get out of paying intrest on borrowed funds #136
Labels
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
duplicate
This issue or pull request already exists
valid
Lines of code
https://github.com/code-423n4/2022-08-rigor/blob/5ab7ea84a1516cb726421ef690af5bc41029f88f/contracts/Community.sol#L455
https://github.com/code-423n4/2022-08-rigor/blob/5ab7ea84a1516cb726421ef690af5bc41029f88f/contracts/Community.sol#L824
https://github.com/code-423n4/2022-08-rigor/blob/5ab7ea84a1516cb726421ef690af5bc41029f88f/contracts/Community.sol#L668
Vulnerability details
Impact
If builder makes a project,then a day later the builder gets everything done and wants to repay the lender.
RepaysLender
in that function it calls_reduceDebt.claimInterest.returnToLender()
and ifnoOfDays = 0
yourunclaimedInterset =0
it lowers the builders Interest to 0 and you still have_lentAmount
left over causing tokens that the builder borrowed arent getting intrest on it.Proof of Concept
1.attacker calls
repayLender
which calls_reduceDebt
then callsclaimInterest
thenreturnToLender
note: the diffrent in the timestamp is one day august 6 to the 5 at the same time of the day.
block.timestmap= (1659817999- 1659732167) / 86400 = 0
because of percsion errorunclaimedInterest = 0
andtotalInsterest =5
(lets say 5 )returnToLender function
claimInterest function
unclaimedInterest = 0
=_interestEarned
repayLender function
repayAmount (100) then
_interest(5)`_lentAndInterest = 100 + 5= 115
which is greater then 100_interest =0
and_lentAmount=15
At the end of this brief window of time an builder of the project can still have borrowable assets that arent geting intrested on which can be considerd stealing funds.
The reason am rating this as medium is because the attack window is only a day or so and to only have the borrow asset ready to be gived back in a day is not easy.
Tools Used
vim
Recommended Mitigation Steps
_noOfDays
is > 0;The text was updated successfully, but these errors were encountered: