Borrower can't repay all debt after transferring his debt to another vault. #303
Labels
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
duplicate-222
satisfactory
satisfies C4 submission criteria; eligible for awards
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
Lines of code
https://github.com/code-423n4/2023-01-astaria/blob/1bfc58b42109b839528ab1c21dc9803d663df898/src/LienToken.sol#L596
https://github.com/code-423n4/2023-01-astaria/blob/1bfc58b42109b839528ab1c21dc9803d663df898/src/LienToken.sol#L608
https://github.com/code-423n4/2023-01-astaria/blob/1bfc58b42109b839528ab1c21dc9803d663df898/src/LienToken.sol#L840
Vulnerability details
Impact
The borrower cannot repay his debt after transferring to another vault and the borrower can lost his NFT. When the borrower transfer his debt to another vault the LienCount is not added, so when the borrower wants to pay all his debt the decreaseEpochLienCount will be reverted.
Borrower can not get his NFT even when the borrower wants to pay his debt.
Proof of Concept
I created a test for this situation in
AstariaTest.t.sol
, following the next steps:Tools used
Foundry/Vscode
Recommended Mitigation Steps
Increase the Lien count after transferring to another vault.
The text was updated successfully, but these errors were encountered: