In takeOverDebt, wrong parameter borrowingKey is used to call _addKeysAndLoansInfo
Summary
In takeOverDebt, wrong parameter borrowingKey is used to call _addKeysAndLoansInfo
Vulnerability Detail
The original purpose of the function takeOverDebt is taking over debt by transferring ownership of a borrowing to the current caller. So it uses _addKeysAndLoansInfo to add the oldLoans to the new caller. However, it uses wrong parameter borrowingKey which is the old borrowingkey.
zraxx
high
In
takeOverDebt
, wrong parameterborrowingKey
is used to call_addKeysAndLoansInfo
Summary
In
takeOverDebt
, wrong parameterborrowingKey
is used to call_addKeysAndLoansInfo
Vulnerability Detail
The original purpose of the function
takeOverDebt
is taking over debt by transferring ownership of a borrowing to the current caller. So it uses_addKeysAndLoansInfo
to add the oldLoans to the new caller. However, it uses wrong parameterborrowingKey
which is the old borrowingkey.Impact
New caller loses the loans.
Code Snippet
https://github.com/sherlock-audit/2023-10-real-wagmi/blob/main/wagmi-leverage/contracts/LiquidityBorrowingManager.sol#L441
Tool used
Manual Review
Recommendation
Replace
borrowingKey
withnewBorrowingKey
Duplicate of #53