code-423n4 / 2024-05-gondi-mitigation-findings


M-17 MitigationConfirmed #112

Open c4-bot-8 opened 3 months ago

c4-bot-8 commented 3 months ago

Lines of code

Vulnerability details

C4 Issue

M-17: loan.hash() does not contain protocolFee

Comments

Original vulnerabilities/impacts: The issue is that the loan’s hashing function (Hash::hash) doesn’t include the protocolFee field. As a result, protocolFee will not be checked in _baseLoanChecks(), where the stored loan hash is verified against user input.

This allows a user to input any protocolFee for a given loan and avoid paying the protocolFee.

Mitigation

Fix: https://github.com/pixeldaogg/florida-contracts/pull/388/files

//src/lib/utils/Hash.sol
    bytes32 private constant _MULTI_SOURCE_LOAN_HASH =
        0x47dba7e6940f0063b21c2ef8f7b0beaf1a2f4c2f84144c36b274ceec12e99b57;
    // ...
    function hash(IMultiSourceLoan.Loan memory _loan) internal pure returns (bytes32) {
        // ...
        return keccak256(
            abi.encode(
                _MULTI_SOURCE_LOAN_HASH,
                _loan.borrower,
                _loan.nftCollateralTokenId,
                _loan.nftCollateralAddress,
                _loan.principalAddress,
                _loan.principalAmount,
                _loan.startTime,
                _loan.duration,
                keccak256(trancheHashes),
                _loan.protocolFee // added by the mitigation
            )
        );
    }

The mitigation is to include the protocolFee field in the loan’s hashing function. In addition, the mitigation updated the struct Loan’s typeHash with the correct fields.

The mitigation resolved the original issue.

Conclusion

LGTM
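
A reduced illustration of the finding and its fix, added here and not part of the comment above or of the project's code: it compares a stored hash with a caller-supplied loan that differs only in protocolFee, under both hashing shapes. The five-field `Loan` struct and the names `LoanHashDemo`, `_DEMO_LOAN_HASH`, `hashWithoutFee`, `hashWithFee` and `demo` are assumptions made for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Reduced stand-in for the project's Loan struct (assumption: only five fields kept).
struct Loan {
    address borrower;
    uint256 principalAmount;
    uint256 startTime;
    uint256 duration;
    uint256 protocolFee;
}

contract LoanHashDemo {
    // Demo type hash only; not the project's _MULTI_SOURCE_LOAN_HASH value.
    bytes32 private constant _DEMO_LOAN_HASH = keccak256(
        "Loan(address borrower,uint256 principalAmount,uint256 startTime,uint256 duration,uint256 protocolFee)"
    );

    // Shape described in the finding: protocolFee is not part of the preimage.
    function hashWithoutFee(Loan memory l) public pure returns (bytes32) {
        return keccak256(
            abi.encode(_DEMO_LOAN_HASH, l.borrower, l.principalAmount, l.startTime, l.duration)
        );
    }

    // Shape after the mitigation: protocolFee is bound into the hash.
    function hashWithFee(Loan memory l) public pure returns (bytes32) {
        return keccak256(
            abi.encode(
                _DEMO_LOAN_HASH, l.borrower, l.principalAmount, l.startTime, l.duration, l.protocolFee
            )
        );
    }

    // Compares a stored hash against a caller-supplied loan that differs only in
    // protocolFee, once per hashing shape. Sample values are constructed.
    function demo() external pure returns (bool oldCheckPasses, bool newCheckPasses) {
        Loan memory loan = Loan(address(0xB0B), 100 ether, 1_700_000_000, 30 days, 250);
        bytes32 storedOld = hashWithoutFee(loan);
        bytes32 storedNew = hashWithFee(loan);

        loan.protocolFee = 0; // caller-supplied struct with a different fee

        // A stored-hash comparison can only reject changes to fields in the preimage.
        oldCheckPasses = hashWithoutFee(loan) == storedOld;
        newCheckPasses = hashWithFee(loan) == storedNew;
    }
}
```

Calling `demo()` returns `oldCheckPasses` as true and `newCheckPasses` as false, which is the difference the mitigation introduces.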

c4-judge commented 3 months ago

alex-ppg marked the issue as satisfactory

c4-judge commented 3 months ago

alex-ppg marked the issue as confirmed for report