Missing Input Validation: startAuction does not validate the callDebt parameter. The value is stored in the auction exactly as the caller supplies it, so it could be set to an incorrect value if the calling contract has a bug.
Proof of Concept
    function startAuction(bytes32 loanId, uint256 callDebt) external {
        // check that caller is a lending term that still has PnL reporting role
        require(
            core().hasRole(CoreRoles.GAUGE_PNL_NOTIFIER, msg.sender),
            "AuctionHouse: invalid caller"
        );
        // check the loan exists in calling lending term and has been called in the current block
        LendingTerm.Loan memory loan = LendingTerm(msg.sender).getLoan(loanId);
        require(
            loan.callTime == block.timestamp,
            "AuctionHouse: loan previously called"
        );
        // check auction for this loan has not already been created
        require(
            auctions[loanId].startTime == 0,
            "AuctionHouse: auction exists"
        );
        // save auction in state
        auctions[loanId] = Auction({
            startTime: block.timestamp,
            endTime: 0,
            lendingTerm: msg.sender,
            collateralAmount: loan.collateralAmount,
@>          callDebt: callDebt
        });
        nAuctionsInProgress++;
        // emit event
        emit AuctionStart(
            block.timestamp,
            loanId,
            LendingTerm(msg.sender).collateralToken(),
            loan.collateralAmount,
            callDebt
        );
    }
Lines of code
https://github.com/code-423n4/2023-12-ethereumcreditguild/blob/main/src/loan/AuctionHouse.sol#L75
Tools Used
Manual Analysis
Recommended Mitigation Steps
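One way to add the missing check, shown as an added example that is not part of the original report or the project's code. It assumes the calling term records the debt on the loan when it is called; ILendingTermLike, its callDebt field, AuctionHouseSketch and the isTerm mapping are hypothetical names used for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

// Added example, not project code. The Loan layout is an assumption: the page
// only shows callTime and collateralAmount; the callDebt field is hypothetical.
interface ILendingTermLike {
    struct Loan {
        uint256 collateralAmount;
        uint256 callTime;
        uint256 callDebt; // assumed: debt recorded by the term when the loan is called
    }
    function getLoan(bytes32 loanId) external view returns (Loan memory);
}

contract AuctionHouseSketch {
    struct Auction {
        uint256 startTime;
        uint256 endTime;
        address lendingTerm;
        uint256 collateralAmount;
        uint256 callDebt;
    }

    mapping(bytes32 => Auction) public auctions;
    mapping(address => bool) public isTerm; // stand-in for the GAUGE_PNL_NOTIFIER role check

    constructor(address term) { isTerm[term] = true; }

    function startAuction(bytes32 loanId, uint256 callDebt) external {
        require(isTerm[msg.sender], "AuctionHouse: invalid caller");
        ILendingTermLike.Loan memory loan = ILendingTermLike(msg.sender).getLoan(loanId);
        require(loan.callTime == block.timestamp, "AuctionHouse: loan previously called");
        require(auctions[loanId].startTime == 0, "AuctionHouse: auction exists");

        // Added validation. The zero check assumes a called loan always carries debt;
        // the equality check rejects any value that disagrees with the term's own record.
        require(callDebt != 0, "AuctionHouse: zero call debt");
        require(callDebt == loan.callDebt, "AuctionHouse: call debt mismatch");

        auctions[loanId] = Auction({
            startTime: block.timestamp,
            endTime: 0,
            lendingTerm: msg.sender,
            collateralAmount: loan.collateralAmount,
            callDebt: callDebt
        });
    }
}
```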
Assessed type
Invalid Validation