batch refinancing in refinance can be DOS'd by users toggling toggleAutoRefinancingEnabled
Summary
Batch refinancing allows operators with the REFINANCIER_ROLE to replace existing loans with a new one, potentially under more favorable terms, such as a lower interest rate or different lender. However users have the right to enable or disable this using toggleAutoRefinancingEnable
different users can disable this feature at different times to make this function inoperable.
Root Cause
in PredictDotLoan:693 users can toggle autorefinancing at any time.
0xLeveler
Medium
batch refinancing in
refinancecan be DOS'd by users togglingtoggleAutoRefinancingEnabledSummary
Batch refinancing allows operators with the
REFINANCIER_ROLEto replace existing loans with a new one, potentially under more favorable terms, such as a lower interest rate or different lender. However users have the right to enable or disable this usingtoggleAutoRefinancingEnabledifferent users can disable this feature at different times to make this function inoperable.Root Cause
in PredictDotLoan:693 users can toggle autorefinancing at any time.
Internal pre-conditions
No response
External pre-conditions
No response
Attack Path
operator with
REFINANCIER_ROLEcan call the refinance function here: https://github.com/sherlock-audit/2024-09-predict-fun/blob/main/predict-dot-loan/contracts/PredictDotLoan.sol#L500-L514However users that toggle this just before the function call cause it to fail, meaning loans in the entire array cannot be refinanced. https://github.com/sherlock-audit/2024-09-predict-fun/blob/main/predict-dot-loan/contracts/PredictDotLoan.sol#L693-L697
Impact
loans cannot be refinanced in batches, because they will revert for every loan that disables
autorefinancingPoC
No response
Mitigation
Add some interval between toggle refinancing to prevent it from being abused.