Open code423n4 opened 1 year ago
minhquanym marked the issue as low quality report
Consider QA
minhquanym marked the issue as primary issue
minhquanym marked the issue as remove high or low quality report
0xRektora marked the issue as sponsor confirmed
dmvt marked the issue as selected for report
Lines of code
https://github.com/Tapioca-DAO/tapioca-bar-audit/blob/2286f80f928f41c8bc189d0657d74ba83286c668/contracts/markets/bigBang/BigBang.sol#L728
Vulnerability details
Impact
Users can get DoSed from repaying their debt, which can be very damaging during volatile scenarios.
The same issue is present in the
SGLLendingCommon.sol
contract _repay functionProof of Concept
During the
_repay
function the following code is executed:It reduces the borrow part of a given user
to
. The issue arises because the function does not handle the case wherepart > userBorrowPart[to]
; instead, it will fail due to underflow. In volatile scenarios, it is rational to think that users will try to repay all their debt or a big part of it. But, due to the incorrect state handling, an attacker may prevent any user's repayment. For example:Severity Rationale
Tools Used
Manual Review
Recommended Mitigation Steps
Rewrite the
_repay
function as:Assessed type
DoS