4 matches found
useAndRepay function can be used to underflow the principal debt of a credit
Lines of code Vulnerability details The function useAndRepay present in the SpigotedLine contract doesn't check that the amount is within the debt limit and can be used by a malicious lender to underflow the principal variable and manipulate the debt of a credit. Impact A malicious lender can use...
Malicious lender can change price oracle for outstanding loan
Lines of code Vulnerability details The updateLoanParams function in NFTPairWithOracle.sol allows the lender to update parameters for an outstanding loan duration, valuation, annual interest, and collateralization ratio as long as they are the same or better for the borrower. These params are...
No success required for Oracle market rate queries
Lines of code Vulnerability details Impact The system can use stale or even plainly incorrect due to any technical malfunction price for decision making. For example, a malicious lender can setup a bot that tracks incorrect readings i.e. track the state of the Oracle used and act on observing...
makePayment() Lack of access control allows malicious lender to retrieve a large portion of the funds earlier, making the borrower suffer fund loss
Handle WatchPug Vulnerability details function makePaymentuint256 amount external override returns uint256 principal, uint256 interest // The amount specified is an optional amount to be transfer from the caller, as a convenience for EOAs. requireamount == uint2560 ||...