Closed sherlock-admin3 closed 4 months ago
Invalid, seems like a direct contradiction to what was suggested here. If a defaulted loan has been liquidated or a loan has been closed, then the borrower would restore his reputation; seems like a design choice.
Additionally, it affects only functions used within the reputation manager contract, which is not used anywhere else in the protocol.
EgisSecurity
medium
TellerV2.sol#_liquidateLoanFull() - Doesn't set the reputation mark correctly
Summary
TellerV2.sol#_liquidateLoanFull() - Doesn't set the reputation mark correctly
Vulnerability Detail
The protocol implements borrower reputation, so that lenders can check if a borrower has ever been late/defaulted on one or more of his loans.
The only place where reputation is updated is inside _repayLoan. The function is called when a loan is being repaid (partially or fully).
The problem is when a loan gets liquidated, the bid.state is first set to LIQUIDATED and then inside _repayLoan we call updateAccountReputation.
updateAccountReputation uses _applyReputation to add marks to a borrower who has been defaulted or was late for a payment; you can see that if isLoanDefaulted = true then a mark will be added.
In the case of liquidations, a loan becomes liquidatable after it has become defaulted, so in theory, when a liquidation of a loan occurs, the borrower should incur a RepMark.Default, but because isLoanDefaulted is written in the following way, he won't.
As you can see, if bid.state != ACCEPTED then isLoanDefaulted == false, so no mark will be added, but that shouldn't be the case.
Impact
Because no mark is added to the borrower, his reputation won't be affected, so future potential lenders won't know that the borrower has defaulted on his loans before.
Code Snippet
https://github.com/sherlock-audit/2024-04-teller-finance/blob/defe55469a2576735af67483acf31d623e13592d/teller-protocol-v2-audit-2024/packages/contracts/contracts/TellerV2.sol#L812
Tool used
Manual Review
Recommendation
Add the following to _liquidateLoanFull
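An added example, not part of the original report and not Teller's code: a simplified Solidity model of the call order the report describes, where the state is set to LIQUIDATED before the reputation check runs. The contract name, the dueAt field, the Unmarked value and all function bodies are assumptions for illustration, and this is not the snippet the Recommendation refers to.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Simplified model of the call order described in the report. All names and
// bodies are illustrative assumptions, not code from TellerV2.sol.
contract ReputationOrderModel {
    enum BidState { ACCEPTED, LIQUIDATED }
    enum RepMark { Unmarked, Default } // Unmarked is a constructed placeholder value

    struct Bid {
        address borrower;
        BidState state;
        uint256 dueAt; // constructed field: after this timestamp the loan counts as defaulted
    }

    mapping(uint256 => Bid) public bids;
    mapping(address => RepMark) public reputation;

    function createLoan(uint256 bidId, address borrower, uint256 dueAt) external {
        bids[bidId] = Bid(borrower, BidState.ACCEPTED, dueAt);
    }

    // Behaviour the report describes: any state other than ACCEPTED
    // makes the default check return false.
    function isLoanDefaulted(uint256 bidId) public view returns (bool) {
        Bid storage bid = bids[bidId];
        if (bid.state != BidState.ACCEPTED) return false;
        return block.timestamp > bid.dueAt;
    }

    // Adds a Default mark only while isLoanDefaulted is true.
    function _applyReputation(uint256 bidId) internal {
        if (isLoanDefaulted(bidId)) {
            reputation[bids[bidId].borrower] = RepMark.Default;
        }
    }

    // Order from the report: the state changes first, reputation is evaluated afterwards.
    // Returns whether the borrower ended up with a Default mark.
    function liquidate(uint256 bidId) external returns (bool marked) {
        require(isLoanDefaulted(bidId), "not liquidatable");
        bids[bidId].state = BidState.LIQUIDATED;
        _applyReputation(bidId); // the check now sees LIQUIDATED, so no mark is written
        marked = reputation[bids[bidId].borrower] == RepMark.Default;
    }
}
```

Calling createLoan with a dueAt in the past and then liquidate leaves reputation at Unmarked for that borrower, even though the loan was defaulted when liquidation began.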