Dandy Caramel Tortoise
Medium
Lack of minimum debt requirements can cause lenders loose assets to griefing attacks
There are no minimum debt amount checks enforced inside acceptFundsForAcceptBid. As a result an attacker can take out loans of very small amounts which will be not profitable (gas costwise) to liquidate in the open market or until significant losses is incurred by the lender contract. This will cause the lenders to loose their deposited assets
function acceptFundsForAcceptBid(
address _borrower,
uint256 _bidId,
uint256 _principalAmount,
uint256 _collateralAmount,
address _collateralTokenAddress,
uint256 _collateralTokenId,
uint32 _loanDuration,
uint16 _interestRate
) external onlySmartCommitmentForwarder whenForwarderNotPaused whenNotPaused {No response
No response
- Lender deposits 1000 into
LenderCommitmentGroup_Smart - Attacker creates loans of (10 * 100). The collateral backing each loan of 10 is assumed to be of 15 in value. This amount is not profitable to be liquidated in the open market due to gas costs until the amount the liquidators have to pay drops far below 10 causing lost assets for the lenders
Lost assets for the lenders
No response
Enforce a minimum amount requirement for the borrowing