Closed github-actions[bot] closed 1 year ago
@clems4ev3r this is a duplicate of #312
@hrishibhat need to close this
@vnadoda, respectfully disagree, this is a duplicate of #308 and #190.
@clems4ev3r I mentioned #312 because the reporter mentioned "Minimal renewal has to be increased probably" as a remedy. anyway, we need to close this as we plan to fix both, #312 and #190.
libratus
high
Buyer can get protection cheaply using renewal grace period and low minimal renewal duration
Summary
Buyer can keep renewing protection at the end of grace period using minimal renewal duration. While on grace period, buyer can front-run defaults effectively getting protection while not paying for it.
Vulnerability Detail
Grace period for renewing protection is planned to be around 14 days as mentioned in tests: https://github.com/sherlock-audit/2023-02-carapace/blob/main/test/contracts/ProtectionPool.test.ts#L392-L396
Minimal protection renewal is 1 day: https://github.com/sherlock-audit/2023-02-carapace/blob/main/contracts/libraries/ProtectionPoolHelper.sol#L52-L60
This setup allows the buyer to keep renewing protection while paying premium for 1 day out of 15. While on grace period, they can look for signs of default or event front-run DefaultStateManager before default in order to get compensated when default happens.
Alternatively, buyer can choose to get protection for days when payments are expected from the borrower and avoid paying premium for the days in between.
Impact
Buyer can get protection much cheaper than intended. They only have to pay full premium for the first 90 days, while Goldfinch loans last years.
Code Snippet
https://github.com/sherlock-audit/2023-02-carapace/blob/main/contracts/core/pool/ProtectionPool.sol#L176-L195
Tool used
Manual Review
Recommendation
Minimal renewal has to be increased probably. Grace period can also be decreased and premium can be collected during the grace period.
Duplicate of #308