code-423n4 / 2024-08-wildcat-findings

onRepay hook can be bypassed #84

Open howlbot-integration[bot] opened 2 months ago

howlbot-integration[bot] commented 2 months ago

Lines of code

https://github.com/code-423n4/2024-08-wildcat/blob/fe746cc0fbedc4447a981a50e6ba4c95f98b9fe1/src/market/WildcatMarket.sol#L168

Vulnerability details

Proof of Concept

The onRepay hook only triggers if someone pokes the repay function. This means anyone can bypass it by transferring tokens directly to the market.

  function _repay(MarketState memory state, uint256 amount, uint256 baseCalldataSize) internal {
    ...
@>    hooks.onRepay(amount, state, baseCalldataSize);
  }

Recommended Mitigation Steps

Unsure what's the best way to fix

Assessed type

Other
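A minimal Python model of the behaviour this report describes, added here as an illustration; it is not code from the Wildcat repository or from the original submission. `Token`, `Market`, `unhooked_inflow` and the account names are hypothetical, and the model assumes repayments are the only flows into the market (no deposits, borrows or withdrawals). It shows that a plain token transfer raises the market's balance without the hook running, and how reconciling the held balance against hook-observed repayments exposes the difference.

```python
from dataclasses import dataclass, field


@dataclass
class Token:
    """Minimal ERC-20-style ledger (constructed model, not a real token)."""
    balances: dict = field(default_factory=dict)

    def transfer(self, sender, recipient, amount):
        if self.balances.get(sender, 0) < amount:
            raise ValueError("insufficient balance")
        self.balances[sender] -= amount
        self.balances[recipient] = self.balances.get(recipient, 0) + amount


class Market:
    """Toy market: only repay() reaches the hook, as in the snippet above."""
    ADDRESS = "market"  # hypothetical account name for the market contract

    def __init__(self, token, on_repay):
        self.token = token
        self.on_repay = on_repay
        self.hooked_total = 0  # total amount that went through repay()

    def repay(self, payer, amount):
        self.token.transfer(payer, self.ADDRESS, amount)
        self.hooked_total += amount
        self.on_repay(payer, amount)  # the hook runs on this path only


def unhooked_inflow(token, market, opening_balance=0):
    """Assets held by the market that no onRepay call ever observed."""
    held = token.balances.get(market.ADDRESS, 0)
    return held - opening_balance - market.hooked_total


def demo():
    seen = []  # every (payer, amount) pair the hook was shown
    token = Token({"borrower": 1_000, "anyone": 500})  # constructed balances
    market = Market(token, lambda payer, amount: seen.append((payer, amount)))
    market.repay("borrower", 300)                   # hook fires
    token.transfer("anyone", Market.ADDRESS, 200)   # plain transfer, no hook
    return seen, token.balances[Market.ADDRESS], unhooked_inflow(token, market)
```

Any policy that depends on the hook seeing every repayment should be checked against a reconciliation like `unhooked_inflow`, since the hook's view and the market's actual balance can diverge.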

c4-judge commented 1 month ago

3docSec changed the severity to QA (Quality Assurance)

c4-judge commented 1 month ago

3docSec marked the issue as grade-b