LoanManager accounting mechanism requires to always call loanRepayment or loanLiquidation to adjust internal accounting values when a loan is terminated. However, the distribute() did not call it when it can't repay all lenders.
Mitigation
The distribute() function now always calls loanLiquidation() for internal accounting of LoanManager.
Lines of code
Vulnerability details
Issue
LoanManager accounting mechanism requires to always call
loanRepayment
orloanLiquidation
to adjust internal accounting values when a loan is terminated. However, thedistribute()
did not call it when it can't repay all lenders.Mitigation
The
distribute()
function now always callsloanLiquidation()
for internal accounting of LoanManager.