search

code-423n4 / 2023-05-particle-findings

0 stars 0 forks source link

Lender can auction the loan without any restriction to cause losses to the borrower #26

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-05-particle/blob/main/contracts/protocol/ParticleExchange.sol#L620

Vulnerability details

Lender can auction the loan without any restriction to cause losses to the borrower

Impact

The lender can unilaterally decide to auction a loan at any time, without any restriction. The process can be started by calling startLoanAuction() and offers to repay the loan and cover the NFT are accepted for a duration of 24 hours.

The process allows any interested party to cover the NFT of the loan and in return the offerer gets an incentive amount that is increased linearly during the timeframe of the auction.

However, this incentive comes from a penalty to the borrower. The amount parameter is deducted from the payback amount that is returned to the borrower:

https://github.com/code-423n4/2023-05-particle/blob/main/contracts/protocol/ParticleExchange.sol#L742-L745

742:         uint256 payback = lien.credit + lien.price - payableInterest - amount;
743:         if (payback > 0) {
744:             payable(lien.borrower).transfer(payback);
745:         }

The borrower doesn't take part in this process but gets penalized. If the borrower took a loan and sold the NFT (in order to short the market), then they can be faced with an unexpected auction process in which they will suffer losses and can't close since they already sold the NFT.

Note that the auction process doesn't require the loan to be in an unhealthy situation. The borrower can have plenty of margin to cover for potential interests costs, but the lender can initiate the auction as soon as the loan is taken, or as soon as they know the borrower sold the NFT.

Note also that the offerer can be the same lender. The lender can start the auction process and wait a sufficient amount of time in order to cover their own loan but get a favorable deal due to the amount taken as penalty from the borrower.

Recommendation

The protocol should provide stronger guarantees to the borrower. This can be a minimum period before the loan can be auctioned or some kind of limitations to when or how the auction can be started (that could depend on the health of the loan).

Assessed type

Other

hansfriese commented 1 year ago

Per the documentation, it is not correct that The borrower doesn't take part in this process but gets penalized. screenshot_14

c4-judge commented 1 year ago

hansfriese marked the issue as unsatisfactory: Invalid

wukong-particle commented 1 year ago

Judge is correct, this is a design choice. Similar to where the judge copied the doc https://particle-1.gitbook.io/particle/mechanism/auction, we designed the following as a balance

Once an NFT is sold to the market for an opened position, the supplier can start the auction process any time. On the other hand, traders can also refinance to another supplier any time.

Note that if the lender immediately starts an auction, she doesn't accrue much interest as well. When there's enough players in the system for refinance options, this play isn't the optimal.

But as a cold start, we acknowledge the potential frustration on the borrower side. Will monitor the dynamics and consider adding a minimum time as a "fixed term" for the borrower.

c4-sponsor commented 1 year ago

wukong-particle marked the issue as sponsor acknowledged

c4-sponsor commented 1 year ago

wukong-particle marked the issue as disagree with severity