code-423n4 / 2023-10-wildcat-findings


Continuous Borrowing Without Debt Reduction in borrow Function #603

Closed c4-submissions closed 1 year ago

c4-submissions commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-10-wildcat/blob/main/src/market/WildcatMarket.sol#L124

Vulnerability details

Impact

The code for the borrow function allows borrowers to repeatedly withdraw funds from the market without reducing their borrowable amount. This oversight can have several significant impacts:

Excessive Debt Accumulation: Borrowers can accumulate debt without any requirement to reduce it, potentially exceeding the collateral obligations set by the protocol.

Increased Risk: This behavior exposes lenders and the protocol to greater risk, as borrowers can accumulate larger debts that may become difficult to repay.

Market Instability: Continuous borrowing without debt reduction can lead to market instability and potential disruptions in the protocol's functioning.

Proof of Concept

```solidity
function borrow(uint256 amount) external onlyBorrower nonReentrant {
  // Load the market state with pending updates applied
  MarketState memory state = _getUpdatedState();
  if (state.isClosed) {
    revert BorrowFromClosedMarket();
  }
  // Amount available to borrow given the market's current asset holdings
  uint256 borrowable = state.borrowableAssets(totalAssets());
  if (amount > borrowable) {
    revert BorrowAmountTooHigh();
  }
  // Persist the updated state, then transfer the requested amount to the borrower
  _writeState(state);
  asset.safeTransfer(msg.sender, amount);
  emit Borrow(amount);
}
```

The borrow function permits borrowers to withdraw a specified amount from the market.

There is no mechanism in place to enforce repayments or reduce the borrowing capacity of the borrower after each withdrawal, as `borrowable` is always the same amount.

As a result, the borrower can repeatedly call the borrow function to withdraw additional funds without any reduction in their borrowing limit.

Tools Used

Manual review

Recommended Mitigation Steps

Implement a dynamic calculation for the borrowable amount that takes into account the borrower's outstanding debt and collateral obligations. This ensures that the borrowable amount decreases as debt accumulates.

Assessed type

Access Control
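As an added illustration of the mitigation recommended above, here is a small Python model (written for this page, not Wildcat's code) contrasting a constant borrow limit with one derived from the market's current holdings minus a required liquidity reserve. The reserve-ratio accounting and the `fixed_cap` switch are simplifications assumed for the example.

```python
from dataclasses import dataclass
from typing import Optional

BIPS = 10_000


class BorrowAmountTooHigh(Exception):
    pass


@dataclass
class Market:
    """Toy lending market. total_assets is what the market currently holds,
    total_supply is the sum of lender claims, reserve_ratio_bips is the share
    of those claims that must stay liquid (assumed accounting for this example)."""
    total_assets: int
    total_supply: int
    reserve_ratio_bips: int
    fixed_cap: Optional[int] = None  # weak variant: a constant limit borrowing never lowers
    debt: int = 0

    def required_reserves(self) -> int:
        return self.total_supply * self.reserve_ratio_bips // BIPS

    def borrowable_assets(self) -> int:
        if self.fixed_cap is not None:
            return self.fixed_cap
        # Dynamic limit: holdings minus the reserve, saturating at zero. Because
        # borrow() moves tokens out of the market, each call sees a smaller limit.
        return max(self.total_assets - self.required_reserves(), 0)

    def borrow(self, amount: int) -> None:
        if amount > self.borrowable_assets():
            raise BorrowAmountTooHigh(amount)
        self.total_assets -= amount
        self.debt += amount


def repeated_borrows(market: Market, amount: int, calls: int) -> int:
    """Call borrow() up to `calls` times with the same amount; return how many succeeded."""
    ok = 0
    for _ in range(calls):
        try:
            market.borrow(amount)
        except BorrowAmountTooHigh:
            break
        ok += 1
    return ok
```

With 1000 tokens of deposits and a 20% reserve, the dynamic market stops after two borrows of 300 (the third would breach the reserve), while the fixed-cap variant accepts every call and accumulates debt beyond what the market holds.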

c4-pre-sort commented 1 year ago

minhquanym marked the issue as low quality report

minhquanym commented 1 year ago

AI generated

c4-judge commented 1 year ago

MarioPoneder marked the issue as unsatisfactory: Insufficient quality