search

code-423n4 / 2022-08-frax-findings

2 stars 1 forks source link

Users could `borrow` all the liquidity in the `FraxlendPair` #283

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Lines of code

https://github.com/code-423n4/2022-08-frax/blob/main/src/contracts/FraxlendPairCore.sol#L739-L758

Vulnerability details

Impact

Any user can borrow any amount of Asset without transfer any Collateral Token to the Pair

Proof of Concept

By invoking borrowAsset() and passe collateralAmount = 0 you will be able to borrow all the liquidity in the Pair

As we can see they just check for if (_collateralAmount > 0) to invoke _addCollateral() and get the collateral Token to transfer to Pair

Recommended Mitigation Steps

Add more checks for _collateralAmount param

0xA5DF commented 2 years ago

Invalid, same as #204

DrakeEvans commented 2 years ago

isSolvent modifier prevents this