If the protocol is paused, loans can be called, seized, but cannot be auctioned
Summary
The protocol can be paused, during this, a loan lender can choose to seize, call, or cancel the loan, but auction cannot be done.
Root Cause
Here are some function modifiers in the function:
function seize(uint256 loanId) external nonReentrant
function auction(uint256 loanId) external nonReentrant whenNotPaused
function call(uint256 loanId) external nonReentrant
function repay(uint256 loanId) external nonReentrant {
Which users are free to seize, call, and repay a loan when the protocol is paused. But not auction, while this may seem intended, it's also intended that a loan can be auction within a day of time, but during paused period, this will be prohibited, preventing auctioneers to potentially lose out some opportunities.
Internal pre-conditions
No response
External pre-conditions
No response
Attack Path
No response
Impact
When paused and a loan is called, other users cannot participate in auction as it's prohibited.
PoC
No response
Mitigation
A simple approach will be also disable call, seize, and cancel when paused.
Magnificent Cinnamon Fly
Medium
If the protocol is paused, loans can be called, seized, but cannot be auctioned
Summary
The protocol can be paused, during this, a loan lender can choose to seize, call, or cancel the loan, but auction cannot be done.
Root Cause
Here are some function modifiers in the function:
Which users are free to seize, call, and repay a loan when the protocol is paused. But not auction, while this may seem intended, it's also intended that a loan can be auction within a day of time, but during paused period, this will be prohibited, preventing auctioneers to potentially lose out some opportunities.
Internal pre-conditions
No response
External pre-conditions
No response
Attack Path
No response
Impact
When paused and a loan is called, other users cannot participate in auction as it's prohibited.
PoC
No response
Mitigation
A simple approach will be also disable call, seize, and cancel when paused.