Closed c4-bot-3 closed 5 months ago
This is out of scope; check here: https://github.com/code-423n4/2024-02-wise-lending-findings/issues/35
GalloDaSballo marked the issue as insufficient quality report
trust1995 marked the issue as unsatisfactory: Invalid
Lines of code
https://github.com/code-423n4/2024-02-wise-lending/blob/79186b243d8553e66358c05497e5ccfd9488b5e2/contracts/WiseLending.sol#L460-L484
Vulnerability details
According to the website https://wisesoft.gitbook.io/wise/wiselending.com/wise-lending, it says:
Each user mints an NFT for their account when they first interact. This allows for transferrable positions, as well as modular features to be built on top of the base protocol, such as an options market.
So a position NFT can be used as a financial certificate and be bought and sold on a market.
If the NFT is put up for sale while it still has collateral deposited, anybody can submit a transaction paying the asking price to buy it. But the seller can front-run the buyer's transaction, withdraw every deposited token from the position, and still receive the full price paid.
Impact
Malicious users can honeypot other users
Proof of Concept
For example, user A owns Position NFT 1 with a 1 ETH deposit, and that deposit can be withdrawn at any time. User A lists Position NFT 1 for sale at 3000 USDT. When user B submits a purchase transaction paying 3000 USDT, user A front-runs it and withdraws the 1 ETH. User A then receives user B's 3000 USDT, and user B receives Position NFT 1 with no deposit. There is an example like it here: https://www.codehawks.com/report/clql6lvyu0001mnje1xpqcuvl#H-04
Recommended Mitigation Steps
After a position NFT is operated on in Wise Lending (deposit, withdraw, borrow, repay), the timestamp of that operation needs to be recorded. Transfers of the NFT must be rejected until a fixed duration has elapsed after this timestamp, so a position cannot be emptied and handed over in the same block.
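The following is an added illustration of the recommended mitigation, not Wise Lending's code and not part of the original report. It is a minimal ERC-721 position token built on OpenZeppelin v5 in which every position operation stamps `lastOperationAt[tokenId]`, and the `_update` hook refuses any owner-to-owner transfer until `TRANSFER_COOLDOWN` has passed. The contract name, the single-asset `deposits` mapping, the 1-hour window and the `mint`/`deposit`/`withdraw` functions are assumptions chosen for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumes OpenZeppelin Contracts v5 is available on the import path.
import "@openzeppelin/contracts/token/ERC721/ERC721.sol";

/// @notice Illustrative position NFT with a transfer cooldown after any
///         position operation (example code, not Wise Lending's contract).
contract CooldownPositionNFT is ERC721 {
    /// @dev Assumed window; a real deployment would tune this to block times
    ///      and the marketplace settlement flow.
    uint256 public constant TRANSFER_COOLDOWN = 1 hours;

    /// @dev Timestamp of the last deposit/withdraw on each position.
    mapping(uint256 => uint256) public lastOperationAt;

    /// @dev Simplified single-asset (ETH) deposit per position.
    mapping(uint256 => uint256) public deposits;

    uint256 private _nextId = 1;

    error TransferCooldownActive(uint256 tokenId, uint256 unlockAt);

    constructor() ERC721("Position", "POS") {}

    /// @notice Mint a fresh position NFT for the caller.
    function mint() external returns (uint256 id) {
        id = _nextId++;
        _safeMint(msg.sender, id);
    }

    /// @notice Add ETH collateral to a position and stamp the operation time.
    function deposit(uint256 id) external payable {
        require(ownerOf(id) == msg.sender, "not owner");
        deposits[id] += msg.value;
        lastOperationAt[id] = block.timestamp;
    }

    /// @notice Remove ETH collateral from a position and stamp the operation
    ///         time. This is the call a seller would front-run a buyer with;
    ///         after it, the NFT cannot be transferred for TRANSFER_COOLDOWN.
    function withdraw(uint256 id, uint256 amount) external {
        require(ownerOf(id) == msg.sender, "not owner");
        deposits[id] -= amount; // reverts on underflow in 0.8.x
        lastOperationAt[id] = block.timestamp;
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "ETH transfer failed");
    }

    /// @notice Seconds remaining before the position may be transferred.
    function transferUnlockAt(uint256 id) external view returns (uint256) {
        return lastOperationAt[id] + TRANSFER_COOLDOWN;
    }

    /// @dev OpenZeppelin v5 hook invoked for mint, transfer and burn.
    ///      Only genuine owner-to-owner transfers are gated; minting and
    ///      burning (from or to the zero address) are left untouched.
    function _update(address to, uint256 tokenId, address auth)
        internal
        override
        returns (address from)
    {
        from = _ownerOf(tokenId);
        if (from != address(0) && to != address(0)) {
            uint256 unlockAt = lastOperationAt[tokenId] + TRANSFER_COOLDOWN;
            if (block.timestamp < unlockAt) {
                revert TransferCooldownActive(tokenId, unlockAt);
            }
        }
        return super._update(to, tokenId, auth);
    }
}
```

With this gate in place, a sale that settles by transferring the NFT in the same transaction as the payment reverts if the seller withdrew collateral within the window, so the buyer's funds are never moved. The cooldown only protects settlement flows that run through the token's own transfer path; a marketplace that wants a stronger guarantee should additionally read the position's collateral in the same transaction that pays for it and revert if it falls below what the listing advertised.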
Assessed type
MEV