Affected Contracts
CErc20.sol CToken.sol
Severity
Medium
Description
https://github.com/LodestarFinance/lodestar-protocol/blob/cfca1ae275d023a02198798bbcb24b2a1f646776/contracts/CErc20.sol#L106-L109
borrowBehalf() and redeemBehalf() were introduced to allow borrowing and redeeming on behalf of other users. However, borrowBehalf() behaves in a way users do not intend: the protocol's whitelisted users have the privilege to borrow on behalf of other users without their permission. This can impact the integrity of the protocol. The expected behaviour is that access to borrow on a user's behalf is granted by that user.
Recommendation
Change the implementation of borrowBehalf() so that users can whitelist the addresses allowed to borrow on their behalf.
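
One way to express the recommended per-user approval, as an added sketch that is not Lodestar's code: the contract name, `setBorrowDelegate`, `borrowDelegate`, `debtOf`, the events, the error and the `borrowBehalf(address, uint256)` signature are all assumptions, and the debt ledger is a simplified stand-in for the market's accounting.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration with hypothetical names; not the Lodestar CErc20/CToken code.
contract DelegatedBorrowSketch {
    // borrower => delegate => approval granted by the borrower
    mapping(address => mapping(address => bool)) public borrowDelegate;
    // Simplified debt ledger standing in for the market's borrow accounting.
    mapping(address => uint256) public debtOf;

    event BorrowDelegateSet(address indexed borrower, address indexed delegate, bool approved);
    event BorrowedOnBehalf(address indexed borrower, address indexed caller, uint256 amount);

    error NotApprovedByBorrower(address borrower, address caller);

    // Only the account that will carry the debt can grant or revoke a delegate,
    // because the mapping is always written under msg.sender's own key.
    function setBorrowDelegate(address delegate, bool approved) external {
        require(delegate != address(0), "zero delegate");
        borrowDelegate[msg.sender][delegate] = approved;
        emit BorrowDelegateSet(msg.sender, delegate, approved);
    }

    // Debt is recorded against `borrower`, so authorization is keyed on the
    // borrower's own approval of msg.sender, not on a protocol-wide whitelist.
    function borrowBehalf(address borrower, uint256 amount) external {
        if (msg.sender != borrower && !borrowDelegate[borrower][msg.sender]) {
            revert NotApprovedByBorrower(borrower, msg.sender);
        }
        debtOf[borrower] += amount;
        emit BorrowedOnBehalf(borrower, msg.sender, amount);
        // A real market would run its liquidity checks and asset transfer here.
    }
}
```

Emitting an event on every grant and revocation lets users and monitoring tools audit which addresses currently hold borrow rights over an account.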