code-423n4 / 2022-04-backed-findings


QA Report #125

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Title: Missing check that loanId <= nonce

https://github.com/code-423n4/2022-04-backed/blob/main/contracts/NFTLoanFacilitator.sol#L230

IMPACT

Anyone can potentially run repayAndCloseLoan(), inputting loanId > nonce, and set loan.closed = true (for a future loanId). Then the loanId which is inputted by the user can't be executed on all the functions which have the notClosed() modifier. Can't find that it's exploitable, but it's better for safety.

RECOMMENDED MITIGATION STEP

Add a line that validates loanId <= nonce in the notClosed modifier.
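The existence check recommended above, sketched as an added example; it is not code from the Backed repository or from the report author. The contract name, `_nextLoanId`, `openLoan`, `closeLoan` and the two-field `Loan` struct are hypothetical, and the counter is assumed to hold the next id to issue.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.12;

// Simplified sketch, not the NFTLoanFacilitator source. All names here
// (LoanRegistrySketch, _nextLoanId, openLoan, closeLoan) are hypothetical.
contract LoanRegistrySketch {
    struct Loan {
        bool closed;
        uint128 amount;
    }

    // Assumption: the counter holds the NEXT id to issue, so issued ids are
    // 1 .. _nextLoanId - 1. If a counter instead holds the last issued id,
    // the bound below becomes `loanId <= counter`.
    uint256 private _nextLoanId = 1;
    mapping(uint256 => Loan) public loanInfo;

    modifier notClosed(uint256 loanId) {
        // Existence check: an unissued id reads back as a zeroed Loan whose
        // `closed` flag is false, so the second require alone would pass it.
        require(loanId != 0 && loanId < _nextLoanId, "loan does not exist");
        require(!loanInfo[loanId].closed, "loan closed");
        _;
    }

    function openLoan(uint128 amount) external returns (uint256 id) {
        id = _nextLoanId++;
        loanInfo[id].amount = amount;
    }

    // With the bound in notClosed, a caller cannot mark a not-yet-issued id
    // as closed ahead of the loan that will later receive that id.
    function closeLoan(uint256 loanId) external notClosed(loanId) {
        loanInfo[loanId].closed = true;
    }
}
```

Whether the bound is strict or inclusive depends on what the counter stores at the time of the check, so it should be verified against how the target contract assigns ids.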

wilsoncusack commented 2 years ago

26