Closed c4-bot-6 closed 6 months ago
0xSorryNotSorry marked the issue as sufficient quality report
0xSorryNotSorry marked the issue as duplicate of #906
0xSorryNotSorry marked the issue as duplicate of #877
Trumpero marked the issue as not a duplicate
Trumpero marked the issue as duplicate of #994
Trumpero marked the issue as unsatisfactory: Invalid
Trumpero changed the severity to 2 (Med Risk)
Trumpero marked the issue as satisfactory
Lines of code
https://github.com/code-423n4/2023-12-ethereumcreditguild/blob/2376d9af792584e3d15ec9c32578daa33bb56b43/src/loan/LendingTerm.sol#L628 https://github.com/code-423n4/2023-12-ethereumcreditguild/blob/2376d9af792584e3d15ec9c32578daa33bb56b43/src/loan/SurplusGuildMinter.sol#L114 https://github.com/code-423n4/2023-12-ethereumcreditguild/blob/2376d9af792584e3d15ec9c32578daa33bb56b43/src/loan/SurplusGuildMinter.sol#L158
Vulnerability details
Impact
When Bob decides to repay his debt and makes a call to
repay()
function, Alice may frontrun him to stake tokens inSurplusGuildMinter.sol
. After Bob has repayed his loan, thenotifyPnL
function will be called fromProfitManager.sol
. This will distribute rewards based on the ProfitSharingConfig. After the repayment is done , Alice can unstake her tokens and received tokens from the reward in the next block.Proof of Concept
Test setUp() function
POC:
Tools Used
Foundry, Manual review
Recommended Mitigation Steps
Add lock up period for staking.
Assessed type
Timing