3 matches found
Malicious owner can steal some funds from borrower
Lines of code Vulnerability details Impact Owner can make changes to the protocol with immediate effect. Malicious owner can watch for big lend in the mempool and front run it by maxing out originationFeeRate to 5%. The users, both lender and borrower, will still think that originationFeeRate is...
Protocol doesn't handle fee on transfer tokens
Lines of code Vulnerability details Impact Since the borrower is able to specify any asset token, it is possible that loans will be created with tokens that support fee on transfer. If a fee on transfer asset token is chosen, the protocol will contain a point of failure on the original lend call...
Might not get desired min loan amount if _originationFeeRate changes
Lines of code Vulnerability details Impact Admins can update the origination fee by calling updateOriginationFeeRate. Note that a borrower does not receive their minLoanAmount set in createLoan, they only receive 1 - originationFee minLoanAmount, see lend. Therefore, they need to precalculate the...