Rapid Basil Swallow
High
Unauthorized Borrowing: A user can designate an address as the onBehalfOf party and invoke the executeBorrow function in a credit delegation scenario. If the specified onBehalfOf address has not explicitly authorized the user to borrow using their credit, the onBehalfOf party incurs the debt while the user receives the borrowed funds.
In a credit delegation scenario, the user (delegatee) can assign responsibility for the debt to an onBehalfOf address via the executeBorrow function. However, there is no mechanism to verify that the onBehalfOf address has authorized the user to borrow on their behalf, as outlined in the mint function documentation.
- Bob unknowingly becomes the onBehalfOf party.
- Alice maliciously calls the borrow function, passing her address as user and Bob’s address as onBehalfOf.
- If the protocol doesn’t validate that Bob has explicitly allowed Alice to borrow using his credit, Bob ends up with the debt, while Alice receives the funds.
Assignment of debt to the onBehalfOf address without their explicit authorization.
Implement proper access control and ensure that the onBehalfOf address has explicitly granted permission to the user through a signed message before the mint function is called