Open sherlock-admin opened 1 year ago
Escalate for 1 USDC
Clear loss of funds. Should be high
You've created a valid escalation for 1 USDC!
To remove the escalation from consideration: Delete your comment. To change the amount you've staked on this escalation: Edit your comment (do not create a new comment).
You may delete or edit your escalation comment anytime before the 48-hour escalation window closes. After that, the escalation becomes final.
Escalation accepted
This issue's escalations have been accepted!
Contestants' payouts and scores will be updated according to the changes made on this issue.
0xRajeev
high
A payment made towards multiple liens causes the borrower to lose funds to the payee
Summary
A payment made towards multiple liens is entirely consumed for the first one causing the borrower to lose funds to the payee.
Vulnerability Detail
A borrower can make a bulk payment against multiple liens for a collateral hoping to pay more than one at a time using makePayment (uint256 collateralId, uint256 paymentAmount) where the underlying _makePayment() loops over the open liens attempting to pay off more than one depending on the totalCapitalAvailable provided.
However, the entire totalCapitalAvailable is provided via paymentAmount in the call to _payment() in the first iteration which transfers that completely to the payee in its logic even if it exceeds that lien.amount. That total amount is returned as capitalSpent which makes the paymentAmount for next iteration equal to 0.
Impact
Only the first lien is paid off and the entire payment is sent to its payee. The remaining liens remain unpaid. The payment maker (i.e. borrower) loses funds to the payee.
Code Snippet
Tool used
Manual Review
Recommendation
Add paymentAmount -= lien.amount in the else block of _payment().
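The accounting described in this finding can be reproduced off-chain. The following Python model is an added example, not the project's contract code: the Lien class, the payee names, the amounts and the overpaid() check are constructed for illustration, and the capped variant is this example's reading of the fix (a lien consumes at most its outstanding amount), not the project's patch.

```python
from dataclasses import dataclass

@dataclass
class Lien:
    payee: str
    amount: int  # outstanding debt in token base units (constructed values)

def _payment(lien, payment_amount, received, capped):
    """Pay one lien and return the capital spent. capped=False models the reported flaw."""
    if payment_amount == 0:
        return 0
    if lien.amount > payment_amount:
        lien.amount -= payment_amount          # partial repayment
        spent = payment_amount
    else:
        # Lien is fully repaid here. The flawed path still forwards the whole payment.
        spent = lien.amount if capped else payment_amount
        lien.amount = 0
    received[lien.payee] = received.get(lien.payee, 0) + spent
    return spent

def make_payment(liens, total_capital_available, capped):
    """Loop over the open liens as the finding describes; return (received, unspent)."""
    payment_amount = total_capital_available
    received = {}
    for lien in liens:
        payment_amount -= _payment(lien, payment_amount, received, capped)
    return received, payment_amount

def overpaid(liens_before, received):
    """Invariant check: tokens a payee received beyond the debt owed to it."""
    owed = {}
    for lien in liens_before:
        owed[lien.payee] = owed.get(lien.payee, 0) + lien.amount
    return {p: got - owed.get(p, 0) for p, got in received.items() if got > owed.get(p, 0)}

def sample_liens():
    # Constructed sample: two liens on one collateral with different payees.
    return [Lien("payeeA", 10), Lien("payeeB", 20)]

def run(capped, total=30):
    liens = sample_liens()
    received, unspent = make_payment(liens, total, capped)
    return received, [l.amount for l in liens], unspent, overpaid(sample_liens(), received)

if __name__ == "__main__":
    print("flawed:", run(capped=False))
    print("capped:", run(capped=True))
```

The overpaid() invariant (no payee receives more than it was owed) is the property a unit or fuzz test for the bulk-payment path should assert.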