lucifero - An attacker can increase liquidity to the position's UniswapNFT to prevent the loan from being repaid

[sherlock-admin]

lucifero

high

An attacker can increase liquidity to the position's UniswapNFT to prevent the loan from being repaid

Summary

An attacker can increase liquidity to the position's UniswapNFT to prevent the loan from being repaid

Vulnerability Detail

UniswapV3NPM allows the user to increase liquidity to any NFT.

            function increaseLiquidity(IncreaseLiquidityParams calldata params)
                 external payable override checkDeadline(params.deadline)
                    returns (
                     uint128 liquidity, uint256 amount0, uint256 amount1)
            {
            Position storage position = _positions[params.tokenId];
                PoolAddress.PoolKey memory poolKey = _poolIdToPoolKey[position.poolId];
                    IUniswapV3Pool pool;
                        (liquidity, amount0, amount1, pool) = addLiquidity(

_getHoldTokenAmountIn() function (which is called by restoreLiquidty()) uses getAmountsForLiquidity() to fetch amount0 and amount1. Later one of those values are used to calclulate holdTokenAmountIn

461:     holdTokenAmountIn = amount0 == 0 ? 0 : holdTokenDebt - amount1;

An attacker can add liquidity and make amount1 bigger than holdTokenDebt. If this happens repay function will revert due to underflow

Impact

Accidentally or intentionally, a lender can prevent a borrower from repaying their loan

Code Snippet

https://github.com/sherlock-audit/2023-10-real-wagmi/blob/main/wagmi-leverage/contracts/abstract/LiquidityManager.sol#L235 https://github.com/sherlock-audit/2023-10-real-wagmi/blob/main/wagmi-leverage/contracts/abstract/LiquidityManager.sol#L449-L466

Tool used

Manual Review

Recommendation

Duplicate of #132