Attacker can steal the locked NFT in protocol because of lacking check in function borrowToBuy()
Lines of code Vulnerability details Impact In function borrowToBuy, the borrower takes a loan offer and uses the funds to purchase NFT. / Take the loan offer. / takeLoanOfferoffer, signature, lienId, loanAmount, collateralTokenId; / Lock token. / offer.collection.transferFrommsg.sender,...