Closed sherlock-admin3 closed 3 months ago
1 comment(s) were left on this issue during the judging contest.
0xmystery commented:
Overdue check meant to be only in the else block
Escalate
There is functionally no difference between a user creating a new Vouch and increasing their trust for an existing Vouch. In both of those circumstances the lender is an unreliable actor who is extending credit despite being unable to satisfy their own obligations which potentially creates an insolvent position in the protocol. The fact that there is indeed an overdue check in the else should serve as a confirmation that this issue is valid as it shows that extending credit for other members when overdue is a highly risky and undesirable act. And this is why the lack of an overdue check in the if block is a clear oversight that should be considered a valid issue.
Escalate
There is functionally no difference between a user creating a new Vouch and increasing their trust for an existing Vouch. In both of those circumstances the lender is an unreliable actor who is extending credit despite being unable to satisfy their own obligations which potentially creates an insolvent position in the protocol. The fact that there is indeed an overdue check in the else should serve as a confirmation that this issue is valid as it shows that extending credit for other members when overdue is a highly risky and undesirable act. And this is why the lack of an overdue check in the if block is a clear oversight that should be considered a valid issue.
You've created a valid escalation!
To remove the escalation from consideration: Delete your comment.
You may delete or edit your escalation comment anytime before the 48-hour escalation window closes. After that, the escalation becomes final.
Will have to let the sponsors decide if this is an intended or a flawed design. If the latter is being vouched for, uToken.checkIsOverdue(staker))
should be checked before the if/else clause then.
@mystery0x Let me clarify, it makes sense if a user is overdue for them to decrease their (not locked) existing trust for other users as this will remove any unreliable credit they are extending, thus i don't think it makes sense to put the uToken.checkIsOverdue(staker))
check before the if
/else
clause. Instead the user should be prevented from increasing their existing trust, with that in mind please refer to the mitigation section.
Thank you for the response.
Firstly, thank you CFSecurity for using the new templates, love to see it.
Secondly, I'll also consult with the sponsor if this is intended or not, I agree it's suboptimal, but as I understand there's no direct loss of funds here?
No there is no direct loss of funds. It does however allow for insolvent positions to be created by unreliable lenders. On a side note thank you for your time and working with the new templates has been smooth.
Further considering this issue, I believe it's actually a design recommendation. While I believe it can lead to problems and unreliable users getting more trust than they deserve, but I believe it's user's responsibility to decide whom to give the trust to.
Hence, I believe it's low severity and a design recommendation. Planning to reject the escalation and leave the issue as it is.
Result: Invalid Unique
Further considering this issue, I believe it's actually a design recommendation. While I believe it can lead to problems and unreliable users getting more trust than they deserve, but I believe it's user's responsibility to decide whom to give the trust to.
Hence, I believe it's low severity and a design recommendation. Planning to reject the escalation and leave the issue as it is.
Yes, this is our intended design. While users can vouch for an arbitrary amount, we check how much effective vouches are available when someone borrows. We did that because a staker/voucher can vouch for multiple borrowers at the same time and they all share the same credit from that staker. So, it's much easier to have the staker to manually set the trust amount, and the contracts calculate the actual borrower can borrow on the fly.
CFSecurity
Medium
UserManager::updateTrust
allows staker to increase their trust for another user despite being overdue on their loanSummary
This oversight in
UserManager::updateTrust
undermines the core principle of Union's credit system. This vulnerability compromises the integrity of this system by allowing obviously unreliable actors to extend more credit. As the protocol relies on a network of trust, this vulnerability could create a domino effect of defaults and over-extended credit lines, potentially destabilizing the entire system.Root Cause
In
UserManager.sol
there should be check for whether the staker is overdue if the new trust amount is higher than the current trust amount. The same as there is in theelse
block for creating a new vouch. https://github.com/sherlock-audit/2024-06-union-finance-update-2/blob/7ffe43f68a1b8e8de1dfd9de5a4d89c90fd6f710/union-v2-contracts/contracts/user/UserManager.sol#L595-L600Internal pre-conditions
All involved parties must be members of the Union protocol.
External pre-conditions
No response
Attack Path
Staker
updates trust forborrower
to 100 DAI.Staker
borrows 100 DAI against extended trust from another user.staker
paying on their loan.Staker
updates trust forborrower
to 200 DAI.Borrower
borrows 200 DAI against the unreliable trust.Impact
This vulnerability poses a significant threat to the integrity of the protocol's its trust-based credit system. By allowing users to increase credit lines even when overdue on loans, it undermines the core principles of responsible lending and could lead to a cascade of defaults.
PoC
Add the following lines to the
vouching.ts
hardhat integration test setup:And the add and run the following test:
Mitigation
Simply add the following check when modifying trust amount in
UserManager.sol::updateTrust