Incase the debtor has approval for more debt, the debtor can first incurDebt to a higher value following which the setDebt will clear off debt higher than the newDebt amount. Vice versa for users who repayDebt.
Impact
Incorrect debt accounting. Some users may be able to have unaccounted debt
hash
medium
setDebt can be front-runned
Summary
setDebt can be front-runned allowing user to have more debt than accounted
Vulnerability Detail
The setDebt function set's the debt of a debtor.
Incase the debtor has approval for more debt, the debtor can first incurDebt to a higher value following which the setDebt will clear off debt higher than the newDebt amount. Vice versa for users who repayDebt.
Impact
Incorrect debt accounting. Some users may be able to have unaccounted debt
Code Snippet
https://github.com/sherlock-audit/2023-11-olympus/blob/9c8df76dc9820b4c6605d2e1e6d87dcfa9e50070/bophades/src/modules/TRSRY/OlympusTreasury.sol#L197-L210
Tool used
Manual Review
Recommendation
Keep an increasal and decreasal mechanism for manipulating reserveDebt values
Duplicate of #23