Pheonix - Borrowers loan can get stuck if lender becomes usdc blacklisted after giving loan.

[sherlock-admin4]

Pheonix

Medium

Borrowers loan can get stuck if lender becomes usdc blacklisted after giving loan.

Summary

If a lender that is about to be blacklisted gives a loan to an innocent borrower then borrower can't use repay() , refinance() or ever auction().

Root Cause

Consider these 3 functions.

1. repay()

2. refinance()

3. auction()

All of these function have one thing in common. They transfer loan token ( USDC ) to the lender.

Consider a scenario where a lender's address that is about to be blacklisted gives a loan to an innocent borrower. Since lender got blacklisted, a lender cannot repay their loan , nor they can consider refinance or even auction is lender decides to call the loan. All of this is because transfer of usdc cannot happen on a blacklisted address.

Borrowers tokens are stuck he cannot get back no matter what.

Internal pre-conditions

No response

External pre-conditions

Lender's address about to be blacklisted

Attack Path

1. Bob ( lender ) knows his address is about to blacklisted.
2. He quickly uses matchProposal or acceptBorrowRequest for an innocent borrower, Alice.
3. Bob's address becomes blacklisted.
4. Alice can't repay , refinance or auction her loan since safeTransferFrom on Bob's address will not work.

Impact

Borrower's CTF tokens are stuck in the contract that he cannot get back or roll over.

PoC

No response

Mitigation

Not sure about mitigation but we can proactively check in all the 3 functions is lender has become blacklisted and then create extra logic to handle loan after that.