Prehistoric Fleece Pig - Paused ERC1155 result in the borrower being unable to repay his debt

[sherlock-admin3]

Prehistoric Fleece Pig

Medium

Paused ERC1155 result in the borrower being unable to repay his debt

Summary

The repay function will revert if the ERC1155 token used as collateral has pause functionality enabled, preventing loan repayment.

Root Cause

The protocol's collateral is implemented using ERC1155 tokens. Some ERC1155 tokens include a pause feature, which, when activated, restricts transfers. If such a paused token is used as collateral, any repayment attempt will revert, as seen in the following function:

    function repay(uint256 loanId) external nonReentrant {
        Loan storage loan = loans[loanId];

        _assertAuthorizedCaller(loan.borrower);

        LoanStatus status = loan.status;
        if (status != LoanStatus.Active) {
            if (status != LoanStatus.Called) {
                revert InvalidLoanStatus();
            }
        }

        uint256 debt = _calculateDebt(loan.loanAmount, loan.interestRatePerSecond, _calculateLoanTimeElapsed(loan));

        loan.status = LoanStatus.Repaid;

        LOAN_TOKEN.safeTransferFrom(msg.sender, loan.lender, debt);
        //@audit
        CTF.safeTransferFrom(address(this), msg.sender, loan.positionId, loan.collateralAmount, "");

        emit LoanRepaid(loanId, debt);
    }

This scenario leaves the borrower unable to repay their debt despite their willingness to do so, leading to the risk of loan seizure.

Lines of Code

https://github.com/sherlock-audit/2024-09-predict-fun/blob/41e70f9eed3f00dd29aba4038544150f5b35dccb/predict-dot-loan/contracts/PredictDotLoan.sol#L471

Internal pre-conditions

No response

External pre-conditions

No response

Attack Path

No response

Impact

The borrower will lose their collateral since they are unable to repay the loan.

PoC

No response

Mitigation

No response