Lines of code
Vulnerability details
C4 Issue
M-03: Function addNewTranche() should use protocolFee from Loan struct
Comments
Original vulnerabilities/impacts:
addNewTranche() uses the live protocolFee fraction to charge the protocol fee from the renegotiationOffer lender. This might be the incorrect protocolFee fraction if the protocol fee has been updated by the admin.
For comparison, other renegotiation flows such as refinanceFull and refinancePartial use the protocolFee fraction stored in the original loan struct.
Mitigation
Fix: https://github.com/pixeldaogg/florida-contracts/pull/363/files
The mitigation is to use the protocolFee fraction from the stored loan struct instead of the live protocolFee value. This ensures the protocolFee is charged consistently with the other similar renegotiation flows, which use the original loan's data.
This eliminates the original vulnerability and resolves the issue.
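The difference between the two fee sources, as an added example: this is a simplified model written for this review, not code from florida-contracts or from the linked fix. Every name in it (TrancheFeeModel, liveProtocolFee, openLoan, protocolCutLive, protocolCutStored) and the basis-point precision are assumptions made for illustration; only the idea of a protocolFee fraction stored on the loan struct comes from the issue.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Simplified model of the M-03 pattern (hypothetical names, not the audited contract).
contract TrancheFeeModel {
    uint256 private constant PRECISION = 10_000; // assumption: fractions in basis points

    struct Loan {
        uint256 principalAmount;
        uint256 protocolFee; // fraction snapshotted when the loan was created
    }

    address public immutable admin;
    uint256 public liveProtocolFee; // fraction currently set by the admin
    uint256 public nextLoanId;
    mapping(uint256 => Loan) public loans;

    constructor(uint256 initialFee) {
        require(initialFee <= PRECISION, "fee too high");
        admin = msg.sender;
        liveProtocolFee = initialFee;
    }

    /// Admin changes the fee for future loans; existing loans keep their snapshot.
    function setProtocolFee(uint256 newFee) external {
        require(msg.sender == admin, "not admin");
        require(newFee <= PRECISION, "fee too high");
        liveProtocolFee = newFee;
    }

    function openLoan(uint256 principalAmount) external returns (uint256 loanId) {
        loanId = nextLoanId++;
        loans[loanId] = Loan(principalAmount, liveProtocolFee);
    }

    /// Pre-fix pattern: the new-tranche flow reads the live fraction, so a fee
    /// update between loan creation and the new tranche changes what is charged.
    function protocolCutLive(uint256 /* loanId */, uint256 amount) public view returns (uint256) {
        return (amount * liveProtocolFee) / PRECISION;
    }

    /// Post-fix pattern: read the fraction stored on the loan, matching what the
    /// issue says the refinanceFull and refinancePartial flows do.
    function protocolCutStored(uint256 loanId, uint256 amount) public view returns (uint256) {
        return (amount * loans[loanId].protocolFee) / PRECISION;
    }
}
```

A regression test for the fix can open a loan, call setProtocolFee with a different value, and check that the amount charged on the new tranche still equals protocolCutStored for that loan.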
Conclusion
LGTM