code-423n4 / 2022-01-timeswap-findings


Borrowing of the whole asset supply can yield a low-level division revert #96

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago

Handle

hyh

Vulnerability details

Impact

The system will fail with a low-level message without giving a business reason, which can be an issue for troubleshooting and for further programmatic usage by other projects.

Proof of Concept

If a borrower tries to get almost all available assets, the low-level division can fail in the check function:

https://github.com/code-423n4/2022-01-timeswap/blob/main/Timeswap/Timeswap-V1-Core/contracts/libraries/BorrowMath.sol#L35

Recommended Mitigation Steps

Add a maximum share of current assets that can be borrowed and revert with the corresponding error message before running the computations.
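
The mitigation described above, as an added example that is not Timeswap's code or part of the original finding. The library below is a constructed, simplified stand-in for a borrow check that divides by the post-borrow asset reserve: `checkUnguarded` keeps the unguarded shape (a whole-reserve borrow makes the denominator zero and the call reverts with a bare `Panic(0x12)`), while `checkGuarded` caps the borrowable share first and reverts with a descriptive custom error before the arithmetic runs. All names (`BorrowShareExample`, `BorrowExceedsMaxShare`, `EmptyReserve`, `MAX_BORROW_SHARE_BPS`), the 90% cap and the `0x10000` fee base are assumptions chosen for the example; the real check is at the BorrowMath.sol link above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

/// Hypothetical illustration for the finding; not Timeswap's BorrowMath.
/// Both functions compute a minimum required yIncrease from the borrowed
/// amount xDecrease and divide by the reserve that remains after the borrow.
library BorrowShareExample {
    /// Constructed errors for the hardened path (not from the Timeswap code base).
    error BorrowExceedsMaxShare(uint112 requested, uint112 allowed);
    error EmptyReserve();

    /// Largest share of the asset reserve one borrow may take, in basis points.
    /// 90% is an assumption for this example.
    uint16 internal constant MAX_BORROW_SHARE_BPS = 9_000;

    /// Unguarded shape. When xDecrease == xReserve the remaining reserve is 0,
    /// `denominator` is 0 and `minimum /= denominator` reverts with Panic(0x12):
    /// a low-level message that tells the caller nothing about the business rule.
    function checkUnguarded(
        uint112 xReserve,
        uint112 yReserve,
        uint112 xDecrease,
        uint112 yIncrease,
        uint16 fee
    ) internal pure {
        uint256 feeBase = 0x10000 - fee;                 // assumed fee convention, never 0
        uint256 xRemaining = xReserve - xDecrease;        // 0 when the whole reserve is borrowed
        uint256 minimum = uint256(xDecrease) * yReserve;  // fits: uint112 * uint112 < 2^224
        minimum <<= 12;
        uint256 denominator = xRemaining * feeBase;       // 0 in that case
        minimum /= denominator;                           // low-level division revert
        require(yIncrease >= minimum, "yIncrease below minimum");
    }

    /// Hardened shape: reject the request with a descriptive error before any
    /// division. After the share check, xReserve - xDecrease >= 1 whenever
    /// xReserve > 0, so the denominator below is provably non-zero.
    function checkGuarded(
        uint112 xReserve,
        uint112 yReserve,
        uint112 xDecrease,
        uint112 yIncrease,
        uint16 fee
    ) internal pure {
        if (xReserve == 0) revert EmptyReserve();

        // floor(xReserve * 90%) always leaves at least one unit in the reserve.
        uint112 maxDecrease = uint112((uint256(xReserve) * MAX_BORROW_SHARE_BPS) / 10_000);
        if (xDecrease > maxDecrease) revert BorrowExceedsMaxShare(xDecrease, maxDecrease);

        uint256 feeBase = 0x10000 - fee;
        uint256 xRemaining = xReserve - xDecrease;        // >= 1 here
        uint256 minimum = uint256(xDecrease) * yReserve;
        minimum <<= 12;
        uint256 denominator = xRemaining * feeBase;       // > 0 here
        minimum /= denominator;
        require(yIncrease >= minimum, "yIncrease below minimum");
    }
}

/// Thin wrapper so both paths can be exercised from a test or Remix.
/// Calling unguarded(1000, 1000, 1000, 0, 0) reverts with Panic(0x12);
/// guarded(1000, 1000, 1000, 0, 0) reverts with BorrowExceedsMaxShare(1000, 900).
contract BorrowShareHarness {
    function unguarded(uint112 x, uint112 y, uint112 dx, uint112 dy, uint16 fee) external pure {
        BorrowShareExample.checkUnguarded(x, y, dx, dy, fee);
    }

    function guarded(uint112 x, uint112 y, uint112 dx, uint112 dy, uint16 fee) external pure {
        BorrowShareExample.checkGuarded(x, y, dx, dy, fee);
    }
}
```

The point of ordering the share check before the arithmetic is that the revert reason becomes a typed error an integrating contract or front end can decode and act on, rather than a `Panic` code that is indistinguishable from any other division-by-zero in the call path.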

Mathepreneur commented 2 years ago

It's designed such that borrowers cannot borrow up to that amount.