ali_shehab - `takeOverDebt` is not setting the new borrowing for the new borrowe/trader, resulting him paying funds without getting anything in return #73
takeOverDebt is not setting the new borrowing for the new borrowe/trader, resulting him paying funds without getting anything in return
Summary
We have 2 users Bob and Alice, Bob borrows a borrowing, a borroing key is computed which is a result of Keys.computeBorrowingKey(msg.sender, saleToken, holdToken). This key gets saved in userBorrowingKeys(Bob). Bob's borrowing is now liquidatable, for whatever reason, Alice decides to take over Bob's debt, she calls takeOverDebt with the key of Bob's borrowing and the needed collateralAmt to take over the debt. The takeOverDebt function calculates the new borrowing and removed the old borrowing correctly, but fails to set it the new borrowing for alice as it is setting _addKeysAndLoansInfo(newBorrowing.borrowedAmount > 0, borrowingKey, oldLoans); instead of _addKeysAndLoansInfo(newBorrowing.borrowedAmount > 0, newBorrowingKey, oldLoans);, this results userBorrowingKeys(alice) to be missing the new borrowing key, and borrowingsInfo(newBorrowingKey) to have borrower set to address(0) instead of alice. This results in Alice paying funds without getting anything in return.
Vulnerability Detail
Adding the borrowing instead of the newBorrowing _addKeysAndLoansInfo(newBorrowing.borrowedAmount > 0, borrowingKey, oldLoans); instead of _addKeysAndLoansInfo(newBorrowing.borrowedAmount > 0, newBorrowingKey, oldLoans);
Impact
The person who pays to takeOverDebt will pay money however, he will get nothing in return.
ali_shehab
high
takeOverDebt
is not setting the new borrowing for the new borrowe/trader, resulting him paying funds without getting anything in returnSummary
We have 2 users Bob and Alice, Bob borrows a borrowing, a borroing key is computed which is a result of
Keys.computeBorrowingKey(msg.sender, saleToken, holdToken)
. This key gets saved inuserBorrowingKeys(Bob)
. Bob's borrowing is now liquidatable, for whatever reason, Alice decides to take over Bob's debt, she callstakeOverDebt
with the key of Bob's borrowing and the neededcollateralAmt
to take over the debt. ThetakeOverDebt
function calculates the new borrowing and removed the old borrowing correctly, but fails to set it the new borrowing for alice as it is setting_addKeysAndLoansInfo(newBorrowing.borrowedAmount > 0, borrowingKey, oldLoans);
instead of_addKeysAndLoansInfo(newBorrowing.borrowedAmount > 0, newBorrowingKey, oldLoans);
, this resultsuserBorrowingKeys(alice)
to be missing the new borrowing key, andborrowingsInfo(newBorrowingKey)
to haveborrower
set toaddress(0)
instead ofalice
. This results in Alice paying funds without getting anything in return.Vulnerability Detail
Adding the
borrowing
instead of thenewBorrowing
_addKeysAndLoansInfo(newBorrowing.borrowedAmount > 0, borrowingKey, oldLoans); instead of _addKeysAndLoansInfo(newBorrowing.borrowedAmount > 0, newBorrowingKey, oldLoans);Impact
The person who pays to
takeOverDebt
will pay money however, he will get nothing in return.Code Snippet
https://github.com/sherlock-audit/2023-10-real-wagmi/blob/main/wagmi-leverage/contracts/LiquidityBorrowingManager.sol#L441
Tool used
Manual Review
Recommendation
Use
_addKeysAndLoansInfo(newBorrowing.borrowedAmount > 0, newBorrowingKey, oldLoans);
instead of_addKeysAndLoansInfo(newBorrowing.borrowedAmount > 0, borrowingKey, oldLoans);
Duplicate of #53