Mutual consent cannot be revoked and stays valid forever #33
Labels
2 (Med Risk): Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug: Something isn't working
M-02
primary issue: Highest quality submission among a set of duplicates
satisfactory: Finding meets requirement
selected for report: This submission will be included/highlighted in the audit report
sponsor confirmed: Sponsor agrees this is a problem and intends to fix it (OK to use with "disagree with severity")
Lines of code
https://github.com/debtdao/Line-of-Credit/blob/e8aa08b44f6132a5ed901f8daa231700c5afeb3a/contracts/utils/MutualConsent.sol#L11-L68
https://github.com/debtdao/Line-of-Credit/blob/e8aa08b44f6132a5ed901f8daa231700c5afeb3a/contracts/modules/credit/LineOfCredit.sol#L247-L262
Vulnerability details
Impact
Contracts that inherit from the MutualConsent contract have access to a mutualConsent modifier. Functions that use this modifier need consent from two parties to be called successfully. Once one party has given consent for a function call, it cannot revoke that consent. This means that the other party can call this function at any time from then on. This opens the door for several exploitation paths. Most notably, the functions LineOfCredit.setRates(), LineOfCredit.addCredit() and LineOfCredit.increaseCredit() can cause problems: one party can use social engineering to make the other party consent to multiple function calls and then exploit the multiple outstanding consents.
Proof of Concept
The borrower wants to create the possibility for himself to change the rates in the future without the lender's consent.
1. The borrower and lender agree to set dRate and fRate to 5%.
2. The lender calls the LineOfCredit.setRates() function to give his consent.
3. The rates are later changed to 5.1% through a second, mutually consented LineOfCredit.setRates() call, but the lender's earlier consent for 5% is never cleared.
4. At some point the borrower can decide to set the rates to 5% on his own, because the lender's stored consent for that call is still valid.
Links:
MutualConsent contract: https://github.com/debtdao/Line-of-Credit/blob/audit/code4rena-2022-11-03/contracts/utils/MutualConsent.sol
LineOfCredit.setRates() function: https://github.com/debtdao/Line-of-Credit/blob/e8aa08b44f6132a5ed901f8daa231700c5afeb3a/contracts/modules/credit/LineOfCredit.sol#L247-L262
Tools Used
VSCode
Recommended Mitigation Steps
There are several options to fix this issue. One of them is to add a function to the MutualConsent contract that lets a party revoke its consent for a function call. This option requires a lot of additional bookkeeping but is probably the cleanest solution.
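As an added illustration (this is not the Debt DAO code and not the fix the sponsor shipped), the contract below re-creates a two-party consent mechanism in the style of MutualConsent and extends it with a revokeConsent() function along the lines of the option above. It assumes that consent is recorded under the hash of the call data plus the consenting address, so both parties must call the same function with the same arguments before the body runs; the RateLine contract, its borrower/lender roles and the basis-point rate values are constructed here to walk through the Proof of Concept steps.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.16;

// Added example, not the project's code: a minimal two-party consent scheme
// with revocation. Assumption: a consent is keyed by
// keccak256(msg.data, consentingAddress), so it only matches a call with the
// identical function selector and arguments made by the other party.
abstract contract RevocableMutualConsent {
    // consent hash => true while that consent is outstanding
    mapping(bytes32 => bool) public mutualConsents;

    event MutualConsentRegistered(bytes32 consentHash);
    event MutualConsentRevoked(bytes32 consentHash);

    error Unauthorized();
    error NoConsentToRevoke();

    modifier mutualConsent(address signerOne, address signerTwo) {
        if (_mutualConsent(signerOne, signerTwo)) {
            _;
        }
    }

    function _mutualConsent(address signerOne, address signerTwo) internal returns (bool) {
        if (msg.sender != signerOne && msg.sender != signerTwo) revert Unauthorized();
        address nonCaller = msg.sender == signerOne ? signerTwo : signerOne;

        // Has the other party already consented to exactly this call data?
        bytes32 expectedHash = keccak256(abi.encodePacked(msg.data, nonCaller));
        if (mutualConsents[expectedHash]) {
            delete mutualConsents[expectedHash]; // consumed once matched
            return true;
        }

        // Otherwise record the caller's consent. Without revocation it would
        // stay valid forever, which is the issue described in this finding.
        bytes32 newHash = keccak256(abi.encodePacked(msg.data, msg.sender));
        mutualConsents[newHash] = true;
        emit MutualConsentRegistered(newHash);
        return false;
    }

    // Mitigation: a party withdraws an outstanding consent by re-supplying the
    // exact call data it consented with. No per-party list is kept on-chain.
    function revokeConsent(bytes calldata originalCallData) external {
        bytes32 hash = keccak256(abi.encodePacked(originalCallData, msg.sender));
        if (!mutualConsents[hash]) revert NoConsentToRevoke();
        delete mutualConsents[hash];
        emit MutualConsentRevoked(hash);
    }
}

// Hypothetical consumer with a setRates() that needs both parties' consent.
// Rates are expressed in basis points (assumption): 500 = 5%, 510 = 5.1%.
contract RateLine is RevocableMutualConsent {
    address public immutable borrower;
    address public immutable lender;
    uint128 public dRate;
    uint128 public fRate;

    constructor(address _borrower, address _lender) {
        borrower = _borrower;
        lender = _lender;
    }

    // Walk-through of the finding's scenario:
    //  1. lender calls setRates(500, 500)   -> lender's 5% consent is recorded
    //  2. lender calls setRates(510, 510)   -> lender's 5.1% consent is recorded
    //  3. borrower calls setRates(510, 510) -> 5.1% consent matched, rates updated
    //  4. the 5% consent from step 1 is still stored, so the borrower alone can
    //     call setRates(500, 500) at any later time.
    // With revocation, the lender clears it before step 4 by calling
    // revokeConsent(abi.encodeWithSelector(this.setRates.selector,
    //                                      uint128(500), uint128(500))).
    function setRates(uint128 _dRate, uint128 _fRate)
        external
        mutualConsent(borrower, lender)
    {
        dRate = _dRate;
        fRate = _fRate;
    }
}
```

A consent is deleted as soon as the counterparty matches it, but an unmatched one persists indefinitely, which is exactly what step 4 relies on. Having revokeConsent() take the original call data keeps the bookkeeping small (only the existing hash mapping is touched), at the cost of the revoking party needing to know what it consented to. Revocation only helps if a party notices the stale consent, so watching for MutualConsentRegistered events that are never followed by a matching execution is a cheap way to detect consents that should be withdrawn.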