c4-bot-10 closed 10 months ago
0xSorryNotSorry marked the issue as sufficient quality report
0xSorryNotSorry marked the issue as duplicate of #906
0xSorryNotSorry marked the issue as duplicate of #877
Trumpero marked the issue as unsatisfactory: Invalid
Lines of code
https://github.com/code-423n4/2023-12-ethereumcreditguild/blob/2376d9af792584e3d15ec9c32578daa33bb56b43/src/loan/AuctionHouse.sol#L202-L230
https://github.com/code-423n4/2023-12-ethereumcreditguild/blob/2376d9af792584e3d15ec9c32578daa33bb56b43/src/loan/AuctionHouse.sol#L166-L196
Vulnerability details
Impact
Users can avoid bad debt assessments by settling debts early.
Proof of Concept
There are 2 main function points that generate bad debt apportionment:
1. Bidding generates a loss (via bid)
Although a surplusBuffer is added before the bad debt is apportioned, someone has to take on the debt, and since the surplusBuffer amount is paid in full, the last people may have to take the risk of not being able to redeem it.
What's worse, if the surplusBuffer is 0 or not enough, it will directly result in bad debt apportionment. At that point there will be more incentive to avoid debt apportionment, and the user will pay off the debt early, thus avoiding the apportionment of bad debt. This is unfair to other users, and if everyone did this, there would be no one to apportion the bad debt to.
At the time of debt forgiveness, users can avoid bad debt by front-running to settle their debt early.
Tools Used
Manual Review
Recommended Mitigation Steps
At the start of the bidding process, lock in the debt settlement until the bad debt is dealt with and then release it.
Assessed type
Access Control