3 matches found
borrower can prevent liquidity provider from withdrawing their liquidity
Lines of code Vulnerability details Description When a liquidity provider wants to withdraw their liquidity they can call ParticlePositionManager::reclaimLiquidity. This will prevent any renewals: ParticlePositionManager::addPremium: File: protocol/ParticlePositionManager.sol 508: // check LP...
Malicious owner can steal some funds from borrower
Lines of code Vulnerability details Impact Owner can make changes to the protocol with immediate effect. Malicious owner can watch for big lend in the mempool and front run it by maxing out originationFeeRate to 5%. The users, both lender and borrower, will still think that originationFeeRate is...
Might not get desired min loan amount if _originationFeeRate changes
Lines of code Vulnerability details Impact Admins can update the origination fee by calling updateOriginationFeeRate. Note that a borrower does not receive their minLoanAmount set in createLoan, they only receive 1 - originationFee minLoanAmount, see lend. Therefore, they need to precalculate the...