code-423n4 / 2023-12-ethereumcreditguild-findings


Missing Input Validation: #1206

Closed c4-bot-5 closed 8 months ago

c4-bot-5 commented 9 months ago

Lines of code

https://github.com/code-423n4/2023-12-ethereumcreditguild/blob/main/src/loan/AuctionHouse.sol#L75

Vulnerability details

Impact

Missing Input Validation: There is no validation on the callDebt parameter in startAuction, which could potentially be set to an incorrect value if the calling contract has a bug.

Proof of Concept

```solidity
function startAuction(bytes32 loanId, uint256 callDebt) external {
    // check that caller is a lending term that still has PnL reporting role
    require(
        core().hasRole(CoreRoles.GAUGE_PNL_NOTIFIER, msg.sender),
        "AuctionHouse: invalid caller"
    );

    // check the loan exists in calling lending term and has been called in the current block
    LendingTerm.Loan memory loan = LendingTerm(msg.sender).getLoan(loanId);
    require(
        loan.callTime == block.timestamp,
        "AuctionHouse: loan previously called"
    );

    // check auction for this loan has not already been created
    require(
        auctions[loanId].startTime == 0,
        "AuctionHouse: auction exists"
    );

    // save auction in state
    auctions[loanId] = Auction({
        startTime: block.timestamp,
        endTime: 0,
        lendingTerm: msg.sender,
        collateralAmount: loan.collateralAmount,
        callDebt: callDebt // @> callDebt is stored as supplied by the caller
    });
    nAuctionsInProgress++;

    // emit event
    emit AuctionStart(
        block.timestamp,
        loanId,
        LendingTerm(msg.sender).collateralToken(),
        loan.collateralAmount,
        callDebt
    );
}
```

Tools Used

Manual Analysis

Recommended Mitigation Steps

Assessed type

Invalid Validation

0xSorryNotSorry commented 9 months ago

The caller is GAUGE_PNL_NOTIFIER. It's triggered in another contract.

Invalid assumption

c4-pre-sort commented 9 months ago

0xSorryNotSorry marked the issue as insufficient quality report

c4-judge commented 8 months ago

Trumpero marked the issue as unsatisfactory: Invalid