sherlock-admin2
commented
11 months ago 1 comment(s) were left on this issue during the judging contest.
tsvetanovv commented:
There is a deadline check in parent function
Closed sherlock-admin2 closed 11 months ago
sherlock-admin2
commented
11 months ago 1 comment(s) were left on this issue during the judging contest.
tsvetanovv commented:
There is a deadline check in parent function
ReadyPlayer2
medium
Redundant deadline mechanism in LiquidationBorrowingManager possibly leading to postperiod calls.
Summary
In LiquidationBorrowingManager.sol the function
borrow(BorrowParams calldata params, uint256 deadline)andrepay(RepayParams calldata params, uint256 deadline)do not use thedeadlineparameter in order to enforce a borrowing validation period or repayment validation period.Vulnerability Detail
The functions
borrow()andrepay()in LiquidationBorrowingManager.sol do not use the function parameterdeadlineof typeuint256effectively making it redundant to the protocol, due to the fact that the modifiercheckDeadline(uint256 deadline)only checks that thedeadlineinput paramter is greater than the current block timestamp.Impact
For the
borrow()function the deadline is not enforced for the period after which, once elapsed, the transaction is considered invalid and for therepay()function, the period in which a repayment must be made. The main area of concern is that at the current implementation the deadline parameter is not enforced and a result all transaction time frames are nullified.Code Snippet
modifier checkDeadline(uint256 deadline) { (_blockTimestamp() > deadline).revertError(ErrLib.ErrorCode.TOO_OLD_TRANSACTION); _; }Tool used
Manual Review
Recommendation
I would recommend that the deadline input parameter be integrated into the borrowing or repayment data structures in storage in order to be verified against future transactions.