Setting `protocolFeeBasisPoints = 0` will allow the lender to DoS on repaying a matured loan by auctioning the loan

Setting protocolFeeBasisPoints = 0 will allow the lender to DoS on repaying a matured loan by auctioning the loan.

When a new lender auctions a matured loan, they have to pay the protocol fee

If protocolFeeBasisPoints = 0, then the protocol fee will be zero. In this case, the fee of auctioning is just the gas fee.

No response

Alice borrows from Bob
The loan is matured
Alice repays the loan
Bob front-runs Alice's transaction by calling the loan and stuffs the current block to push Alice's transaction to the next block
In the next block, Bob front-runs Alice's transaction with auction, to create a new loan.

Alice's transactions in step 3 will revert, because the status of the current loan is LoanStatus.Auctioned
In step 4, Bob has to stuff the current block because auction can not be called in the same block as call
In step 5, Bob has to use a different address to auction the loan, because the new lender can not be the same as the old lender

The borrower can not repay the loan
Every time the loan is auctioned, the loanAmount will increase, because debt is accrued from the startTime to the callTime. At some point, the value of the loan amount will be greater than the value of the collateral amount, the borrower will give up on repaying the loan. As a result, the lender can seize the loan and benefit from the collateral.

No response

Have a higher minimum of protocolFeeBasisPoints. For example, protocolFeeBasisPoints should be between 100 and 200.

sherlock-audit / 2024-09-predict-fun-judging