code-423n4 / 2023-12-ethereumcreditguild-findings


The call function should also have the whenNotPaused modifier, exactly like the borrow function #1262

Closed c4-bot-3 closed 5 months ago

c4-bot-3 commented 6 months ago

Lines of code

https://github.com/code-423n4/2023-12-ethereumcreditguild/blob/2376d9af792584e3d15ec9c32578daa33bb56b43/src/loan/LendingTerm.sol#L628

Vulnerability details

Impact

The whenNotPaused modifier on the borrow function should also be on the call function, because the borrowers might plan to extend loan liquidation and avoid it.

But if borrow is paused, then you should also pause the call to avoid loss for the borrower.

Proof of Concept


```solidity
function _call(
    address caller,
    bytes32 loanId,
    address _auctionHouse
) internal {
    Loan storage loan = loans[loanId];

    // check that the loan exists
    uint256 borrowTime = loan.borrowTime;
    require(loan.borrowTime != 0, "LendingTerm: loan not found");

    // check that the loan is not already closed
    require(loan.closeTime == 0, "LendingTerm: loan closed");

    // check that the loan is not already called
    require(loan.callTime == 0, "LendingTerm: loan called");

    // check that the loan can be called
    require(
        GuildToken(refs.guildToken).isDeprecatedGauge(address(this)) ||
            partialRepayDelayPassed(loanId),
        "LendingTerm: cannot call"
    );

    // check that the loan has been running for at least 1 block
    require(
        borrowTime < block.timestamp,
        "LendingTerm: loan opened in same block"
    );

    // update loan in state
    uint256 loanDebt = getLoanDebt(loanId);
    loans[loanId].callTime = block.timestamp;
    loans[loanId].callDebt = loanDebt;
    loans[loanId].caller = caller;

    // auction the loan collateral
    AuctionHouse(_auctionHouse).startAuction(loanId, loanDebt);

    // emit event
    emit LoanCall(block.timestamp, loanId);
}
```

Tools Used

vs-code

Recommended Mitigation Steps

Consider adding the pause modifier to the call function too, to avoid unjust liquidation.

Assessed type

Other
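The change the submission above recommends, shown in isolation as an added sketch that is not part of the submission or of LendingTerm.sol. The contract name, the guardian role, the local `paused` flag and the simplified loan storage are all hypothetical; only the `whenNotPaused` gating on both entry points and the three loan checks mirror the report.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

// Added sketch, not LendingTerm.sol: a stripped-down term with a local pause
// flag, showing the submission's proposed change (gating call like borrow).
contract PausableTermSketch {
    struct Loan {
        address borrower;
        uint256 borrowTime;
        uint256 callTime;
    }

    address public immutable guardian; // hypothetical pauser role
    bool public paused;
    uint256 public nextId;
    mapping(uint256 => Loan) public loans;

    modifier whenNotPaused() {
        require(!paused, "paused");
        _;
    }

    constructor() {
        guardian = msg.sender;
    }

    function setPaused(bool value) external {
        require(msg.sender == guardian, "not guardian");
        paused = value;
    }

    // Opening a loan is blocked while paused.
    function borrow() external whenNotPaused returns (uint256 loanId) {
        loanId = nextId++;
        loans[loanId] = Loan(msg.sender, block.timestamp, 0);
    }

    // Proposed change: calling a loan is blocked while paused as well, so no
    // new liquidation can start during a pause.
    function call(uint256 loanId) external whenNotPaused {
        Loan storage loan = loans[loanId];
        require(loan.borrowTime != 0, "loan not found");
        require(loan.callTime == 0, "loan called");
        require(loan.borrowTime < block.timestamp, "loan opened in same block");
        loan.callTime = block.timestamp;
    }
}
```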

0xSorryNotSorry commented 5 months ago

The submission does not provide any demonstration of the issue, reasoning and code blocks.

c4-pre-sort commented 5 months ago

0xSorryNotSorry marked the issue as insufficient quality report

c4-judge commented 5 months ago

Trumpero marked the issue as unsatisfactory: Invalid