ak1 - absence of minimum borrow amount would lead to loss of funds to borrower unknowingly.

[sherlock-admin]

ak1

medium

absence of minimum borrow amount would lead to loss of funds to borrower unknowingly.

Summary

Borrower can make the loan request and get the amount. The net borrowed amount would be after deducting the protocol fee and market fee. This can be done by calling the lenderAcceptBid.

after deducting the market fee and collateral fee, the remaining amount would be sent to the sender(borrower)

There is no check whether the amount would be greater than after deducting the fee.

Though it would be user responsibility to enter the valid amount, i would still suggest to handle this, by considering the wide range of user.

Note, there are not minimum loan amount is given as input.

Vulnerability Detail

In lenderAcceptBid, following lines are deducting the fee ,

    amountToProtocol = bid.loanDetails.principal.percent(protocolFee());
    amountToMarketplace = bid.loanDetails.principal.percent(
        marketRegistry.getMarketplaceFee(bid.marketplaceId)
    );
    amountToBorrower =
        bid.loanDetails.principal -
        amountToProtocol -
        amountToMarketplace;

after deducting the fee, the remaining amount would be sent to the borrower at below lines,

    bid.loanDetails.lendingToken.safeTransferFrom(
        sender,
        bid.receiver,
        amountToBorrower
    );

Incase the requested loan amount would be sum of all the fee, borrower would receive nothing.

Impact

user would lost fund.

Code Snippet

https://github.com/sherlock-audit/2023-03-teller/blob/main/teller-protocol-v2/packages/contracts/contracts/TellerV2.sol#L470-L539

Tool used

Manual Review

Recommendation

Check whether the borrower is receiving any fund. or Provide minimum borrower amount value from the borrower. When they are not receiving any value, borrower can be reverted by relevant error message.