A borrower cannot take back his collateral if the lender is blocked.

Summary

If a lender is blocked, the users who borrow funds from him cannot repay loan and take back their collaterals.

Root Cause

The contest readme says that:

The collateral token should match the integrated prediction market’s collateral token. On Blast it will be USDB and USDC on other prediction markets.

USDC is a typical blocklist token. So, if a lender is blocked, the users who borrow funds from him cannot repay loan and take back their collaterals due to reverting at L470. As a result, the lender will seize the collateral unfarily.

https://github.com/sherlock-audit/2024-09-predict-fun/blob/main/predict-dot-loan/contracts/PredictDotLoan.sol#L454-L474

    function repay(uint256 loanId) external nonReentrant {
        Loan storage loan = loans[loanId];

        _assertAuthorizedCaller(loan.borrower);

        LoanStatus status = loan.status;
        if (status != LoanStatus.Active) {
            if (status != LoanStatus.Called) {
                revert InvalidLoanStatus();
            }
        }

        uint256 debt = _calculateDebt(loan.loanAmount, loan.interestRatePerSecond, _calculateLoanTimeElapsed(loan));

        loan.status = LoanStatus.Repaid;

470:    LOAN_TOKEN.safeTransferFrom(msg.sender, loan.lender, debt);
        CTF.safeTransferFrom(address(this), msg.sender, loan.positionId, loan.collateralAmount, "");

        emit LoanRepaid(loanId, debt);
    }

Internal pre-conditions

None

External pre-conditions

A lender is blocked in the USDC token.

Attack Path

A lender is blocked in the USDC token after a user borrowed some loan form him.

Impact

A borrower cannot repay his loan and the collateral will be seized by the lender.

PoC

Mitigation

When a lender is blocked, the collateral should be given to the borrower.

sherlock-audit / 2024-09-predict-fun-judging

kennedy1030 - A borrower cannot take back his collateral if the lender is blocked. #252