Closed sherlock-admin2 closed 5 months ago
Low/informational, this NFT would likely have no monetary value given no collateral is backing, so spamming mint would have no substantial impact. A possible DoS impact could be present here but the economic cost and impact wasn't highlighted during the time of the audit, and I believe would incur an unreasonable amount of gas cost anyways to reach uint(256).max number of NFT ids.
samuraii77
high
Users can mint any amount of loan NFTs for free
Summary
Users can mint any amount of loan NFTs for free
Vulnerability Detail
A user can submit a bid using the TellerV2::submitBid() function. The thing is, he can submit it with 0 collateral and 0 principal. Then, he can accept that same bid using TellerV2::lenderAcceptBid(). There is no principal to pay out, so this will cost him absolutely nothing.
As he has become the lender of that loan, he can now call the TellerV2::claimLoanNFT() function. This will mint him an NFT with the only cost of paying gas fees. This can be done again and again by any user.
Impact
Users can mint any amount of loan NFTs for free
Code Snippet
https://github.com/sherlock-audit/2024-04-teller-finance/blob/defe55469a2576735af67483acf31d623e13592d/teller-protocol-v2-audit-2024/packages/contracts/contracts/TellerV2.sol#L578-L594
https://github.com/sherlock-audit/2024-04-teller-finance/blob/defe55469a2576735af67483acf31d623e13592d/teller-protocol-v2-audit-2024/packages/contracts/contracts/TellerV2.sol#L283-L301
https://github.com/sherlock-audit/2024-04-teller-finance/blob/defe55469a2576735af67483acf31d623e13592d/teller-protocol-v2-audit-2024/packages/contracts/contracts/TellerV2.sol#L481-L558
Tool used
Manual Review
Recommendation
One way to fix this would be to not allow borrows of 0 principal tokens.
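Added illustration of that recommendation, not TellerV2 code: a hypothetical minimal model of the submit, accept, claim flow in which a zero-principal bid is rejected at submission time, so the lender must fund the loan before a loan NFT can ever be claimed (MIN_PRINCIPAL, the state enum and all names are assumptions; token transfers are abstracted away).

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical simplified model of the bid -> accept -> claim flow, added as an
// illustration of the recommended fix. It is not TellerV2 code.
contract LoanNftGuardExample {
    enum State { None, Pending, Accepted, Claimed }

    struct Bid { address borrower; address lender; uint256 principal; State state; }

    // Assumption: a protocol-chosen floor. Any value > 0 means accepting a bid
    // always costs the lender real principal, so an accepted loan is never free.
    uint256 public constant MIN_PRINCIPAL = 1;

    uint256 public nextBidId;
    uint256 public nftsMinted; // stands in for the loan NFT contract's mint
    mapping(uint256 => Bid) public bids;

    function submitBid(uint256 principal) external returns (uint256 bidId) {
        // Hardened: a 0-principal bid could be accepted at no cost and then
        // claimed for a free NFT, so reject it here rather than later.
        require(principal >= MIN_PRINCIPAL, "principal below minimum");
        bidId = nextBidId++;
        bids[bidId] = Bid(msg.sender, address(0), principal, State.Pending);
    }

    function lenderAcceptBid(uint256 bidId) external {
        Bid storage b = bids[bidId];
        require(b.state == State.Pending, "bid not pending");
        // In the real protocol the lender's principal is transferred to the
        // borrower at this point; with principal > 0 that transfer is non-zero.
        b.lender = msg.sender;
        b.state = State.Accepted;
    }

    function claimLoanNFT(uint256 bidId) external {
        Bid storage b = bids[bidId];
        require(b.state == State.Accepted, "loan not accepted");
        require(b.lender == msg.sender, "caller is not the lender");
        b.state = State.Claimed; // at most one NFT per funded loan
        nftsMinted++;
    }
}
```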