Malicious lender can claim revenue and steal it from borrower #153
Labels
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
downgraded by judge
Judge downgraded the risk level of this issue
duplicate-110
partial-50
Lines of code
https://github.com/debtdao/Line-of-Credit/blob/e8aa08b44f6132a5ed901f8daa231700c5afeb3a/contracts/modules/credit/SpigotedLine.sol#L93-L133
Vulnerability details
Impact
Lender can use swap data with no slippage and sandwich attakc to steal claimed revenue and extract more value from borrower
Proof of Concept
SpigotedLine#claimAndRepay allows the lender to claim and swap revenue tokens to pay borrower debt. Caller is allowed to provide arbitrary swap data allowing a malicious lender to claim revenue and then steal it by using no slippage bounds and sandwiching the trade. This allows the lender to extract more value from the borrower.
Tools Used
Manual Review
Recommended Mitigation Steps
Only borrower should be allowed to claim and swap if the credit token because lender has no incentive to get borrower a good swap price.
The text was updated successfully, but these errors were encountered: