ni8mare - Malicious lender can prevent borrowers from repaying their loans.

[sherlock-admin]

ni8mare

high

Malicious lender can prevent borrowers from repaying their loans.

Summary

Malicious lenders can prevent borrowers from repaying their loans using the onRepay function in the CoolerCallback contract.

Vulnerability Detail

When a malicious lender sees a loan request that they want to clear, they will use the clearRequest function and pass the isCallback_ argument as true. When the borrower tries to repay the loan(repayLoan), the code enters the following line and calls the onRepay function on the lender:

if (loan.callback) CoolerCallback(loan.lender).onRepay(loanID_, repaid_);

The onRepay function further calls the _onRepay internal function which can be defined in any possible manner. It could run an infinite loop causing out-of-gas errors or simply revert. It could be defined simply like this:

function _onRepay(uint256 loanID_, uint256 amount_) internal virtual override{
  revert("always reverts");
}

In this way, this onRepay function which is called when a borrower invokes the repayLoan function will always revert.

Impact

The borrower is never able to repay their loans. The lender is able to claim the collateral after the loan's expiry. Will be possible in cases where the loan-to-collateral ratio is low.

Code Snippet

https://github.com/sherlock-audit/2023-08-cooler/blob/main/Cooler/src/Cooler.sol#L185

Tool used

Manual Review

Recommendation

Maybe the protocol could limit the amount of gas that is sent to the onRepay function. Also, the project should check to see if the callback functions revert by wrapping it in a try-catch block.

Duplicate of #187