Alice(borrower) wanna repay all of her debt with 500 A token.
Attacker notices her transaction for repay, the attacker repays with borrower address(Alice's address) 1 A token with much higher gas price(frontrunning)
Attacker repaid 1 A token, deptSharesBalanceOf[Borrower] of Alice will be underflowed, since the solidity compiler version of this contract is over 0.8.0, the transaction will be automatically reverted.
marcoyaax
medium
Repay function can be DOSed
Summary
Repay function can be DOSed
Proof of Concept
https://github.com/sherlock-audit/2023-02-surge/blob/main/surge-protocol-v1/src/Pool.sol#L504
Alice(borrower) wanna repay all of her debt with 500 A token.
Attacker notices her transaction for repay, the attacker repays with borrower address(Alice's address) 1 A token with much higher gas price(frontrunning)
Attacker repaid 1 A token, deptSharesBalanceOf[Borrower] of Alice will be underflowed, since the solidity compiler version of this contract is over 0.8.0, the transaction will be automatically reverted.
Impact
Make borrower won't be able to repay debt.
Tool used
Manual Review
Recommendation
Implement DOS protection.
Duplicate of #75