Free TAU borrows

Summary

Since there are no caps on borrow amounts, a user can continuously borrow TAU risk free by monitoring the _disburseTau variables. Since the TAU will be borrowed with the collaterals yield it will be small amounts but risk free. Therefore, user has no reason to dump the TAU in secondary market since the tokens are basically free win.

Vulnerability Detail

Example: User A deposit 100 collateral tokens and not borrows anything.  User A checks the tauWithheld, tokensLastDisbursedTimestamp, cumulativeTauRewardPerCollateral and userDetails[_account].lastUpdatedRewardPerCollateral.   Once user satisfies with the calculated _extraRewardPerCollateral, user can derive the new cumulativeTauRewardPerCollateral hence the _rewardDiff. If rewardDiff is known in user end user can basically calculate the _tauEarned and borrow that amount. As long as gas fee < tauGains user will be in profit.   Selling TAU to secondary market contionusly will break this strategies efficient eventually since the TAU amount in the secondary market will increase hence the price will decrease.   User is waiving his potential reward yield over TAU rewards. So in theory user is not actually winning anything, user is just converting his yield from vaults reward token to TAU. However, this can hurt the system if the user is not doing this for profit but to damage the protocol. Also, if sometime in future TAU incentives added to the contract on top of the reward yield from collaterals this strategy will be profitable for user so he has a financial reason to do so. Extra TAU incentives can be given via this function:  https://github.com/sherlock-audit/2023-03-taurus/blob/main/taurus-contracts/contracts/Vault/TauDripFeed.sol#L51-L60

Impact

Code Snippet

https://github.com/sherlock-audit/2023-03-taurus/blob/main/taurus-contracts/contracts/Vault/BaseVault.sol#L92-L103

Tool used

Manual Review

sherlock-audit / 2023-03-taurus-judging

mstpr-brainbot - Free TAU borrows #166