_processOffersFromExecutionData() lack of check executionData.duration<=offer.duration

[c4-bot-10]

Lines of code

https://github.com/code-423n4/2024-04-gondi/blob/b9863d73c08fcdd2337dc80a8b5e0917e18b036c/src/lib/loans/MultiSourceLoan.sol#L124

Vulnerability details

Vulnerability details

when emitLoan(), only limitoffer.duration != 0,There's no limit executionData.duration<=offer.duration

emitLoan() -> _processOffersFromExecutionData() -> _validateOfferExecution()

    function _validateOfferExecution(
        OfferExecution calldata _offerExecution,
        uint256 _tokenId,
        address _lender,
        address _offerer,
        bytes calldata _lenderOfferSignature,
        uint256 _feeFraction,
        uint256 _totalAmount
    ) private {
...

@>      if (offer.duration == 0) {
            revert ZeroDurationError();
        }
        if (offer.aprBps == 0) {
            revert ZeroInterestError();
        }
        if ((offer.capacity > 0) && (_used[_offerer][offer.offerId] + _offerExecution.amount > offer.capacity)) { 
            revert MaxCapacityExceededError();
        }

        _checkValidators(_offerExecution.offer, _tokenId);
    }

If the executionData.duration time is not limited, it can lead to far exceeding the borrowing time offer.duration. If the lender is a LoanManager, when repayLoan() it can also exceed the maximum pendingQueues, leading to accounting issues

Impact

far exceeding the borrowing time than offer.duration. If lender is LoanManager also exceeds max pendingQueues, causing bookkeeping issues

Recommended Mitigation

check executionData.duration<=offer[n].duration

Assessed type

Context

[c4-judge]

0xA5DF marked the issue as primary issue

[c4-judge]

0xA5DF marked the issue as selected for report

[c4-judge]

0xA5DF marked the issue as satisfactory

[0xA5DF]

Sustaining high due to accounting issues

[0xend]

https://github.com/pixeldaogg/florida-contracts/pull/382