Closed code423n4 closed 1 year ago
Seems invalid, the attacker would gain nothing since he'd be the one paying the interest that he earns, plus protocol fees.
Attacker just pays himself interest, this is fine. And is helpful because it adds liquidity
Lines of code
https://github.com/code-423n4/2022-08-frax/blob/main/src/contracts/FraxlendPairCore.sol#L739
Vulnerability details
Impact
A user can borrow the asset from a lender who is himself. The user will get the shares after he lends his asset to himself.
Proof of Concept
First the user, let's say Alice, will call borrowAsset and set the address of the receiver to msg.sender. After that the receiver (Alice) will get the shares.
https://github.com/code-423n4/2022-08-frax/blob/main/src/contracts/FraxlendPairCore.sol#L739
Then Alice calls deposit to lend the asset; Alice will set the address of the receiver to msg.sender.
https://github.com/code-423n4/2022-08-frax/blob/main/src/contracts/FraxlendPairCore.sol#L583
To make the interest smaller, Alice will call repayAsset quickly to repay her borrowing position. So Alice will pay her debt with small interest, and get the shares.
Recommended Mitigation Steps
Consider checking that msg.sender is not the receiver in deposit, mint, and borrowAsset.
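The accounting behind the two replies at the top of the thread, as an added example that is not part of the original report or of the Fraxlend code base. It is a simplified share-based pool that replays the borrow, deposit, repay sequence and returns Alice's net balance change. Collateral is ignored, and the interest rate, fee rate and the pre-existing lender Bob are assumptions.

```python
class Pool:
    """Toy share-based lending pool; integer math, collateral ignored (assumption)."""

    def __init__(self, fee_bps):
        self.fee_bps = fee_bps
        self.total_assets = 0  # cash plus outstanding debt owed to lenders
        self.total_shares = self.total_debt = 0
        self.shares = {}

    def _mint(self, who, n):
        self.total_shares += n
        self.shares[who] = self.shares.get(who, 0) + n

    def deposit(self, who, amount):
        n = amount if self.total_shares == 0 else amount * self.total_shares // self.total_assets
        self.total_assets += amount
        self._mint(who, n)

    def borrow(self, amount):
        if amount > self.total_assets - self.total_debt:
            raise ValueError("insufficient liquidity")
        self.total_debt += amount

    def accrue(self, rate_bps):
        interest = self.total_debt * rate_bps // 10_000
        fee = interest * self.fee_bps // 10_000
        self.total_debt += interest
        self.total_assets += interest
        # Assumed fee model: the protocol takes its cut as newly minted shares.
        self._mint("protocol", fee * self.total_shares // (self.total_assets - fee))

    def redeem_all(self, who):
        n = self.shares.pop(who)
        amount = n * self.total_assets // self.total_shares
        self.total_assets -= amount
        self.total_shares -= n
        return amount


def self_lend_net(principal, rate_bps, fee_bps, bob_liquidity):
    """Alice's net balance change after borrow, deposit, accrue, repay, redeem."""
    pool = Pool(fee_bps)
    pool.deposit("bob", bob_liquidity)  # constructed pre-existing lender
    pool.borrow(principal)              # Alice borrows with herself as receiver
    pool.deposit("alice", principal)    # Alice lends the same amount back
    pool.accrue(rate_bps)               # interest while the loan is open
    paid, pool.total_debt = pool.total_debt, 0  # repay principal plus interest
    return pool.redeem_all("alice") - paid
```

With a principal of 1,000,000, 1% accrued interest, a 10% fee and an equal-sized lender Bob, `self_lend_net` returns -5,500: Alice pays 10,000 in interest and gets back only her share of what remains after the fee.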