hats-finance / Tapioca--Lending-Engine--0x5bee198f5b060eecd86b299fdbea6b0c07c728dd


`Market._allowedBorrow` can be bypassed partially. #12

Open hats-bug-reporter[bot] opened 4 months ago

hats-bug-reporter[bot] commented 4 months ago

Github username: --
Twitter username: --
Submission hash (on-chain): 0x1c9c605d8c42db67f6ad917f009d6bbe6ce60d23c4c83cf37d218a55b6a32ce3
Severity: medium

Description: When BBBorrow.borrow is called, Market._allowedBorrow is called to check whether there is enough allowance.

In Market.sol#L442, there is a special case: if pearlmitAllowed >= share, the function continues without reverting.

So a malicious user can bypass this check by splitting a large borrow into several small amounts.

```solidity
412     function _allowedLend(address from, uint256 share) internal virtual override {
413         if (from != msg.sender) {
414             if (share == 0) revert AllowanceNotValid();
415 
416             uint256 pearlmitAllowed;
417             // Here we approve the market token, because it is unique to the market
418             if (penrose.cluster().isWhitelisted(0, msg.sender)) {
419                 (pearlmitAllowed,) = penrose.pearlmit().allowance(from, msg.sender, 20, address(this), 0);
420             }
421             require(allowance[from][msg.sender] >= share || pearlmitAllowed >= share, "Market: not approved"); // <<<--- here: if pearlmitAllowed >= share, the function continues without reverting
422             if (pearlmitAllowed >= share) return;
423             if (allowance[from][msg.sender] != type(uint256).max) {
424                 allowance[from][msg.sender] -= share;
425             }
426         }
427     }
```

Attack Scenario: Consider a case in which, for a malicious user Alice, penrose.cluster().isWhitelisted(0, Alice) is true and penrose.pearlmit().allowance(from, msg.sender, 20, address(this), 0) returns 1000e18.

If Alice wants to borrow 50000e18 shares, she can split her BBBorrow.borrow into 50 calls, each using 1000e18 as shares.

cryptotechmaker commented 3 months ago

The pearlmit allowance won't remain the same, as it is consumed inside the same operation in which the allowance was checked.
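As an added illustration (not code from the report or from the project, whose contract is Solidity), the following Python model replays the allowance check from the snippet above under both readings in this thread. The `consume_pearlmit` flag is an assumption of the model, not a contract setting: True follows the maintainer's reply that the Pearlmit allowance is consumed inside the same operation, False follows the report's assumption that it stays at 1000e18 between calls. The addresses and amounts are the report's constructed scenario.

```python
"""Toy model of the allowance check in Market._allowedLend (constructed for
illustration; this is not the Tapioca contract, which is Solidity)."""
from dataclasses import dataclass, field

MAX_UINT256 = 2**256 - 1


class AllowanceNotValid(Exception):
    """Mirrors the contract's AllowanceNotValid() revert for share == 0."""


class NotApproved(Exception):
    """Mirrors the 'Market: not approved' require failure."""


@dataclass
class MarketModel:
    # Local allowance mapping: (owner, spender) -> remaining shares.
    allowance: dict = field(default_factory=dict)
    # Pearlmit allowance for the market token: (owner, spender) -> remaining shares.
    pearlmit: dict = field(default_factory=dict)
    # Addresses for which penrose.cluster().isWhitelisted(0, addr) is true.
    whitelisted: set = field(default_factory=set)
    # Hypothetical switch (an assumption of this model, not a contract flag):
    # True models the maintainer's statement that the Pearlmit allowance is
    # consumed inside the same operation; False models the report's assumption
    # that it keeps its initial value between calls.
    consume_pearlmit: bool = True

    def allowed_lend(self, sender, owner, share):
        """Replay _allowedLend(from=owner, share) with msg.sender == sender."""
        if owner == sender:
            return
        if share == 0:
            raise AllowanceNotValid()
        pearlmit_allowed = 0
        if sender in self.whitelisted:
            pearlmit_allowed = self.pearlmit.get((owner, sender), 0)
        local = self.allowance.get((owner, sender), 0)
        if not (local >= share or pearlmit_allowed >= share):
            raise NotApproved()
        if pearlmit_allowed >= share:
            # Early-return path: the local allowance is not decremented here.
            if self.consume_pearlmit:
                self.pearlmit[(owner, sender)] = pearlmit_allowed - share
            return
        if local != MAX_UINT256:
            self.allowance[(owner, sender)] = local - share


def split_borrow(model, sender, owner, total, chunk):
    """Issue borrows of `chunk` shares until `total` is reached or the check
    fails; return how many shares passed the allowance check in total."""
    passed = 0
    while passed < total:
        try:
            model.allowed_lend(sender, owner, chunk)
        except NotApproved:
            break
        passed += chunk
    return passed


def scenario(consume_pearlmit):
    """The report's numbers: whitelisted Alice holds a 1000e18 Pearlmit
    allowance from Bob and tries to pass 50000e18 shares in 1000e18 chunks."""
    alice, bob = "alice", "bob"
    model = MarketModel(whitelisted={alice}, consume_pearlmit=consume_pearlmit)
    model.pearlmit[(bob, alice)] = 1000 * 10**18
    return split_borrow(model, alice, bob, 50_000 * 10**18, 1000 * 10**18)


if __name__ == "__main__":
    print("Pearlmit allowance not consumed:", scenario(False) // 10**18, "e18 shares pass")
    print("Pearlmit allowance consumed:    ", scenario(True) // 10**18, "e18 shares pass")
```

Under the report's assumption all 50 chunks pass; under the maintainer's reading only the first 1000e18 passes and the second call fails the require, since neither the Pearlmit nor the local allowance still covers the share. The local-allowance path behaves the same in both modes, because it is decremented on every call.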