Skip to content
This repository has been archived by the owner on Oct 22, 2023. It is now read-only.

PawelK - No deadline in submitBid function #25

Closed
sherlock-admin opened this issue Apr 22, 2023 · 0 comments
Closed

PawelK - No deadline in submitBid function #25

sherlock-admin opened this issue Apr 22, 2023 · 0 comments
Labels
Non-Reward This issue will not receive a payout

Comments

@sherlock-admin
Copy link
Contributor

sherlock-admin commented Apr 22, 2023
edited by github-actions bot
Loading

PawelK

medium

No deadline in submitBid function

Summary

No deadline parameter in submitBid function

Vulnerability Detail

The submitBid function doesn't contain deadline parameter. If the borrower would submit function, and forget about it, or would be blocked to send the function via griefing attack, or any other reason, he might not call cancelBid function and might get a not favorable deal, because of the volatile market conditions.

Impact

Unfavorable loan for the borrower.

Code Snippet

function _submitBid(
        address _lendingToken,
        uint256 _marketplaceId,
        uint256 _principal,
        uint32 _duration,
        uint16 _APR,
        string calldata _metadataURI,
        address _receiver,
        uint256 _deadline // add new parameter
    ) internal virtual returns (uint256 bidId_)

Tool used

Manual Review

Recommendation

Add deadline field to submitBid, and if the acceptLoan function would be called after it, it should revert.
You could also add that if the user sets deadline to 0, then it lasts until canceled.
It should be up to the borrower to decide what risk of market change condition he is willing to take, and set according to the deadline for the bid.

Duplicate of #187
@github-actions github-actions bot closed this as completed May 1, 2023
@github-actions github-actions bot added Medium A valid Medium severity issue Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label labels May 1, 2023
@sherlock-admin sherlock-admin added the Reward A payout will be made for this issue label May 20, 2023
@sherlock-admin sherlock-admin added Non-Reward This issue will not receive a payout and removed Medium A valid Medium severity issue Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label Reward A payout will be made for this issue labels Jun 12, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
Non-Reward This issue will not receive a payout
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@sherlock-admin