Borrower can by mistake add own money to credit if credit is in ETH #24
Labels
2 (Med Risk): Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug: Something isn't working
M-01
primary issue: Highest quality submission among a set of duplicates
satisfactory: Finding meets requirement
selected for report: This submission will be included/highlighted in the audit report
sponsor confirmed: Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
Lines of code
https://github.com/debtdao/Line-of-Credit/blob/audit/code4rena-2022-11-03/contracts/modules/credit/LineOfCredit.sol#L223-L244
https://github.com/debtdao/Line-of-Credit/blob/audit/code4rena-2022-11-03/contracts/utils/LineLib.sol#L59-L74
Vulnerability details
Impact
Borrower can by mistake add own money to credit if credit is in ETH.
Proof of Concept
Function LineOfCredit.addCredit is used to create new credit. It can be called only after consent of another party.
LineLib.receiveTokenOrETH(token, lender, amount) is responsible for getting payment.
https://github.com/debtdao/Line-of-Credit/blob/audit/code4rena-2022-11-03/contracts/utils/LineLib.sol#L59-L74
As you can see, in case of native token payment, sender is not checked to be msg.sender, so this makes it possible that borrower can by mistake pay instead of lender. It sounds funny, but it's possible. What is needed is that lender calls addCredit first and then borrower calls addCredit and provides value.
Tools Used
VsCode
Recommended Mitigation Steps
Check that if payment is in ETH then lender == msg.sender in addCredit function.
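An added sketch in Solidity of the missing payer check and the recommended mitigation; it is not the Line-of-Credit source and not part of the original submission. The contract, function and error names are hypothetical, and mutual consent is reduced to a two-call approval keyed on (caller, lender, amount).

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.9;

// Added illustration only; names are hypothetical, not the audited contracts.
contract EthCreditSketch {
    address public immutable borrower;
    mapping(bytes32 => bool) private approved;    // pending one-sided approvals
    mapping(address => uint256) public depositOf; // principal credited per lender

    error NotParty();
    error WrongPayer();
    error BadValue();

    constructor(address borrower_) {
        borrower = borrower_;
    }

    // Simplified mutual consent: the first party's call records approval and
    // returns false; the counterparty's matching call returns true (execute).
    function _consent(address lender, uint256 amount) internal returns (bool) {
        if (msg.sender != lender && msg.sender != borrower) revert NotParty();
        address other = msg.sender == lender ? borrower : lender;
        bytes32 theirs = keccak256(abi.encode(other, lender, amount));
        if (approved[theirs]) {
            delete approved[theirs];
            return true;
        }
        if (msg.value != 0) revert BadValue(); // approval-only call must not carry ETH
        approved[keccak256(abi.encode(msg.sender, lender, amount))] = true;
        return false;
    }

    // Behaviour described in the finding: only msg.value is checked, so if the
    // lender approved first, the borrower's executing call funds the credit.
    function addCreditUnchecked(address lender, uint256 amount) external payable {
        if (!_consent(lender, amount)) return;
        if (msg.value < amount) revert BadValue();
        depositOf[lender] += amount;
    }

    // Recommended mitigation: for ETH, the executing caller must be the lender.
    function addCreditChecked(address lender, uint256 amount) external payable {
        if (!_consent(lender, amount)) return;
        if (msg.sender != lender) revert WrongPayer();
        if (msg.value != amount) revert BadValue();
        depositOf[lender] += amount;
    }
}
```

With the checked variant, a borrower's executing call reverts with WrongPayer and the lender's pending approval is preserved, so ETH credit can only be completed by the borrower approving first and the lender paying second.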