The Protocol allow the Lenders to mint NFT for transferring the Loan ,after minting NFT the bid.lender get changed to LENDER_MANAGER. however if Lender don't want to transfer the NFT and get back the ownership from lender manger, there is no way to do this.
Vulnerability Detail
Alice minted the NFT for her Loan.
The bid.lender got changed to "LENDER_MANGER"
Alice want to get back the bid.lender to her address
She can't , because there is no feature to handle this case.
Impact
The NFT minting can result in lose of direct ownership for loan . which will prevent Alice form performing certain action like the one defined in my previous submission.
aman
medium
There is No way to get the Loan ownership back
Summary
The Protocol allow the Lenders to mint NFT for transferring the Loan ,after minting NFT the
bid.lenderget changed toLENDER_MANAGER. however if Lender don't want to transfer the NFT and get back the ownership from lender manger, there is no way to do this.Vulnerability Detail
bid.lenderto her addressImpact
The NFT minting can result in lose of direct ownership for loan . which will prevent Alice form performing certain action like the one defined in my previous submission.
Code Snippet
https://github.com/sherlock-audit/2024-04-teller-finance/blob/main/teller-protocol-v2-audit-2024/packages/contracts/contracts/TellerV2.sol#L590
Tool used
Manual Review
Recommendation
Add Feature to Allow NFT owner to burn NFT and take ownership of bid Directly.
Duplicate of #11