Savory White Panda - `Loans` can mature instantly due to lack of `minimumDuration` check and `variable`

[sherlock-admin3]

Savory White Panda

Medium

Loans can mature instantly due to lack of minimumDuration check and variable

Summary

In accepting offers there is no check for the least duration a loan should stay so as to mature, meaning if a borrower accepts a loan offer The loan will mature instantly. leading to a borrower to instanly lose his collateral or pay high interest since new lenders call auction. And if this is not accepted in the user Interface. The Attacker can create a proposal and match it using matchPropasal() using the smart contract Directly.

Root Cause

There is no check of minimumTime a loan can be given in both acceptLoanOffer(). acceptLoanOfferAndFillOrder(). nor is there either a variable to check against.

Internal pre-conditions

1. add minimum duration variable 1hour or above to avoid borrowers being thrown into high debts instantly.

External pre-conditions

No response

Attack Path

1. An Attacker creates a proposal and calls match if the ui doesn't allow 0 minimum time duration. he can create a proposal struct and call match directly.
2. The matchProposal directly matches the proposal to an borrower.
3. Once it is successful the attacker calls call() which then will allow auctioning of tokens.
4. a new lender can now bid leaving the attacker with profit from the new lender even though the loan matured instantly

Impact

The loanId will mature instantly causing the borrower to pay loan with high interest, to recapture the underlying tokens.

PoC

No response

Mitigation

Add a minimum duration like 1 hour, to avoid instant maturity in assertProposalValidity() function. https://github.com/sherlock-audit/2024-09-predict-fun/blob/main/predict-dot-loan/contracts/PredictDotLoan.sol#L1409C2-L1443C1