The borrow function can borrow money multiple times. The amount that can be borrowed can exceed the limit.
Vulnerability Detail
When calculating the borrow function, the value of the current collateral is calculated through _computeAllowanceAmountInAsset, but the current borrowed balance is not checked. Therefore, the user can bypass the maximum borrowing amount by borrowing multiple times.
cu5t0mPe0
high
Borrowing can exceed the maximum amount
Summary
The borrow function can borrow money multiple times. The amount that can be borrowed can exceed the limit.
Vulnerability Detail
When calculating the borrow function, the value of the current collateral is calculated through
_computeAllowanceAmountInAsset
, but the current borrowed balance is not checked. Therefore, the user can bypass the maximum borrowing amount by borrowing multiple times.Impact
The amount that users can borrow far exceeds that of collateral
Code Snippet
https://github.com/sherlock-audit/2024-02-tapioca/blob/main/Tapioca-bar/contracts/markets/bigBang/BBBorrow.sol#L37-L53
Tool used
Manual Review
Recommendation
Check the amount borrowed
Duplicate of #13