Lost funds over a misplaced value #182
Labels
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
duplicate-39
satisfactory
Finding meets requirement
Lines of code
https://github.com/debtdao/Line-of-Credit/blob/audit/code4rena-2022-11-03/contracts/utils/LineLib.sol#L59-L74
Vulnerability details
Impact
In DebtDao, a credit line can be created over any whitelisted ERC20 token or ETH. A mutual agreement between the borrower and the lender establishes the parameters with which a line is created. Whenever the agreement is over a token, the balance and the amounts (owed and due) are managed according to the token's implementation. But if the agreement is over ETH, there is a potential mismatch between the line's actual balance and the amounts registered under the `Denominations.ETH` placeholder. In `receiveTokenOrETH`, the only concern is protecting the line from receiving less than expected (`if(msg.value < amount) { revert TransferFailed(); }`), so any excess ETH sent by mistake is accepted without being accounted for whenever an end user calls `addCredit`, `increaseCredit`, `depositAndClose`, `depositAndRepay` or `close`.
External requirements:
Proof of Concept
A simple scenario: the lender transfers a larger value than the amount agreed with the borrower. After the borrower pays their dues and the line reaches its end state, the line keeps the extra ether, which is never credited to anyone.
Tools Used
VSCode, Foundry
Recommended Mitigation Steps
Consider altering the check in L71 to:
If for some reason there's a need to keep a margin in the amount received, set a reasonable constant to control it.
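The scenario from the Proof of Concept and the mitigation above, as an added Foundry test that is not part of the finding or the project's code. It uses a simplified stand-in for the ETH branch of `receiveTokenOrETH` (the `EthLineStub` contract, its `credited` counter and the `strict` flag are constructed for this example), and assumes the suggested replacement for the check in L71 is a strict equality check on `msg.value`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.9;

import "forge-std/Test.sol";

// Constructed stand-in for the ETH branch of LineLib.receiveTokenOrETH; not DebtDao's code.
contract EthLineStub {
    error TransferFailed();

    uint256 public credited; // amount the line records as received
    bool public strict;      // false: audited check, true: assumed mitigation

    constructor(bool _strict) { strict = _strict; }

    function receiveETH(uint256 amount) external payable {
        if (strict) {
            // Assumed mitigation: the value sent must match the agreed amount exactly.
            if (msg.value != amount) revert TransferFailed();
        } else {
            // Audited check: only under-payment is rejected, excess is silently kept.
            if (msg.value < amount) revert TransferFailed();
        }
        credited += amount;
    }
}

contract MisplacedValueTest is Test {
    function setUp() public {
        vm.deal(address(this), 10 ether); // fund the test contract acting as the lender
    }

    // Lender sends 2 ETH for a 1 ETH agreement: 1 ETH is stranded in the line.
    function testLooseCheckStrandsExcess() public {
        EthLineStub line = new EthLineStub(false);
        line.receiveETH{value: 2 ether}(1 ether);
        assertEq(line.credited(), 1 ether);       // only the agreed amount is accounted for
        assertEq(address(line).balance, 2 ether); // but the full transfer sits in the contract
    }

    // With the strict check the mismatched transfer reverts and balance equals what is credited.
    function testStrictCheckRejectsExcess() public {
        EthLineStub line = new EthLineStub(true);
        vm.expectRevert(EthLineStub.TransferFailed.selector);
        line.receiveETH{value: 2 ether}(1 ether);
        line.receiveETH{value: 1 ether}(1 ether);
        assertEq(address(line).balance, line.credited());
    }
}
```

Run with `forge test` in a project that has forge-std installed; the first test documents the stranded ether, the second checks that the stricter condition removes it.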