SecuredLine.rollover function allows to rollover to CreditOfLine. Ownership of Spigot will be lost forever. #77
Labels
bug: Something isn't working
disagree with severity: Sponsor confirms validity, but disagrees with warden's risk assessment (sponsor explain in comments)
downgraded by judge: Judge downgraded the risk level of this issue
grade-b
primary issue: Highest quality submission among a set of duplicates
Q-11
QA (Quality Assurance): Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
sponsor acknowledged: Technically the issue is correct, but we're not going to resolve it for XYZ reasons
Lines of code
https://github.com/debtdao/Line-of-Credit/blob/audit/code4rena-2022-11-03/contracts/modules/credit/SecuredLine.sol#L48-L66
Vulnerability details
Impact
The SecuredLine.rollover function allows the user to transfer the Escrow and Spigot from a repaid secured line to another line. If the new line is a CreditOfLine, which does not know how to work with a Spigot, ownership of the Spigot will be lost.
Proof of Concept
The SecuredLine.rollover function changes the line for the Escrow and transfers ownership of the Spigot to the new line.
https://github.com/debtdao/Line-of-Credit/blob/audit/code4rena-2022-11-03/contracts/modules/credit/SecuredLine.sol#L48-L66
https://github.com/debtdao/Line-of-Credit/blob/audit/code4rena-2022-11-03/contracts/utils/SpigotedLineLib.sol#L146-L149
As a result, ownership of the Spigot will be completely lost and can't be recovered, as LineOfCredit does not have such a function. Also, all functions that rely on the owner will not be possible to call.
Regarding the Escrow, it can also cause some problems. After rollover the Escrow will have a new line, and this line will never be changed, because LineOfCredit does not have such a function.
If rollover was called for a SpigotedLine, then only the Escrow will have problems. The borrower will not be able to withdraw his collateral funds while the credit is not repaid.
And if this SpigotedLine becomes liquidatable and the borrower didn't withdraw collateral before, then he will not be able to withdraw collateral anymore, even if SpigotedLine is not supposed to use any Escrow.
This is a simple test that shows that you can rollover to CreditOfLine.
Tools Used
VsCode
Recommended Mitigation Steps
You could add some function that indicates that line is SecuredLine and then allow rollover only to such function.
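A sketch of the mitigation recommended above, added as an example; it is not code from the report or from the Debt DAO repository. The contract, the interfaces and the `isSecuredLine()` marker are hypothetical names, and the line-status checks of a real rollover are left out.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.9;

// Simplified model, NOT the Debt DAO contracts. Every name here is an assumption,
// including the hypothetical isSecuredLine() marker. Line-status checks are omitted.
interface ISecuredLineMarker { function isSecuredLine() external pure returns (bool); }
interface ISpigotLike { function updateOwner(address newOwner) external returns (bool); }
interface IEscrowLike { function updateLine(address newLine) external returns (bool); }

contract GuardedRolloverLine is ISecuredLineMarker {
    ISpigotLike public immutable spigot;
    IEscrowLike public immutable escrow;
    address public immutable borrower;

    error CallerAccessDenied();
    error NotASecuredLine(address line);
    error TransferFailed();

    constructor(address spigot_, address escrow_, address borrower_) {
        spigot = ISpigotLike(spigot_);
        escrow = IEscrowLike(escrow_);
        borrower = borrower_;
    }

    // Lines that can own a Spigot and manage an Escrow advertise it here.
    function isSecuredLine() external pure override returns (bool) {
        return true;
    }

    function rollover(address newLine) external returns (bool) {
        if (msg.sender != borrower) revert CallerAccessDenied();
        // Refuse the hand-over before any ownership changes, so the Spigot and
        // Escrow never end up with a line that has no functions to manage them.
        if (!_isSecuredLine(newLine)) revert NotASecuredLine(newLine);
        if (!spigot.updateOwner(newLine)) revert TransferFailed();
        if (!escrow.updateLine(newLine)) revert TransferFailed();
        return true;
    }

    function _isSecuredLine(address line) internal view returns (bool) {
        // try/catch does not catch the "no code at target" check, so test it first.
        if (line.code.length == 0) return false;
        try ISecuredLineMarker(line).isSecuredLine() returns (bool ok) {
            return ok;
        } catch {
            return false; // target reverted: it does not expose the marker
        }
    }
}
```

The marker is self-declared by the target, so it protects against rolling over into a line type that cannot handle a Spigot by mistake, which is the case this report describes.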