code-423n4 / 2023-10-wildcat-findings


closeMarket() can only be called by the market controller but the controller has no function to close a market. #645

Closed c4-submissions closed 1 year ago

c4-submissions commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-10-wildcat/blob/c5df665f0bc2ca5df6f06938d66494b11e7bdada/src/market/WildcatMarket.sol#L142

Vulnerability details

Description

Due to the restriction on the closeMarket() function, only the controller is able to use it, but the controller contract has no way to call it.

Impact

Since the borrower becomes unable to close a market once it is opened, it becomes a big issue as the lenders can accrue interest even when the borrower no longer wishes to borrow the asset.

Proof of Concept

Borrower creates a market.

Alice, who is authorized by Borrower to be a lender, deposits 10,000 of asset.

Alice gets 10,000 of market tokens.

Borrower no longer wishes to borrow money, but is unable to close the market since no function is created on the marketController.

scaleFactor keeps increasing and the borrower cannot do anything to prevent it.

Alice has the 10,000 market tokens and is able to accrue interest for an infinite amount of time, making borrower liable for the interest.

Recommended Mitigation Steps

Add a closeMarket function to the WildcatMarketController contract.

Assessed type

Context
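The access-control gap reported above, as an added example that is not part of the original submission and not the Wildcat source: a simplified market whose `closeMarket()` is gated on the controller, a controller with no forwarding function, and a controller with the recommended one. All contract names, the `isDeployedMarket` registry, and the borrower-only check on the forwarder are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Simplified model for illustration; not the Wildcat source.
contract MarketModel {
    address public immutable controller;
    bool public isClosed;
    error NotController();

    constructor(address controller_) {
        controller = controller_;
    }

    modifier onlyController() {
        if (msg.sender != controller) revert NotController();
        _;
    }

    // Reachable only when msg.sender is the controller contract itself.
    function closeMarket() external onlyController {
        isClosed = true; // stand-in for the market's real close logic
    }
}

// Controller as the report describes it: no function forwards to
// closeMarket(), so no caller can ever satisfy onlyController.
contract ControllerWithoutClose {
    address public immutable borrower;
    mapping(address => bool) public isDeployedMarket; // hypothetical registry

    constructor(address borrower_) {
        borrower = borrower_;
    }

    function deployMarket() external returns (address market) {
        require(msg.sender == borrower, "not borrower");
        market = address(new MarketModel(address(this)));
        isDeployedMarket[market] = true;
    }
}

// Recommended mitigation: a borrower-only forwarder on the controller.
contract ControllerWithClose is ControllerWithoutClose {
    constructor(address borrower_) ControllerWithoutClose(borrower_) {}
    function closeMarket(address market) external {
        require(msg.sender == borrower, "not borrower");
        require(isDeployedMarket[market], "unknown market");
        MarketModel(market).closeMarket();
    }
}
```

A useful review check for this class of bug is to list every function guarded by a contract-only modifier and confirm the privileged contract actually contains a call site for each one.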

c4-pre-sort commented 1 year ago

minhquanym marked the issue as duplicate of #147

c4-judge commented 1 year ago

MarioPoneder marked the issue as partial-50

c4-judge commented 1 year ago

MarioPoneder changed the severity to 3 (High Risk)