Open code423n4 opened 3 years ago
WatchPug
The check _checkBorrowEnabled can be done earlier.
_checkBorrowLimits can be updated with a new parameter _borrowAmount and move to before mintDebtAmount.
_checkBorrowLimits
https://github.com/code-423n4/2021-09-wildcredit/blob/main/contracts/LendingPair.sol#L542
Use Checks-Effects-Interactions pattern for all functions.
_checkBorrowLimits can be changed to:
function _checkBorrowLimits(address _token, address _account, uint _borrowAmount) internal view { uint borrowLimit = lendingController.borrowLimit(address(this), _token); if (borrowLimit > 0) { require(totalDebtAmount[_token] + _borrowAmount <= borrowLimit, "LendingPair: borrow limit reached"); } }
Handle
WatchPug
Vulnerability details
The check _checkBorrowEnabled can be done earlier.
_checkBorrowLimitscan be updated with a new parameter _borrowAmount and move to before mintDebtAmount.https://github.com/code-423n4/2021-09-wildcredit/blob/main/contracts/LendingPair.sol#L542
Recommendation
Use Checks-Effects-Interactions pattern for all functions.
_checkBorrowLimitscan be changed to: