Borrower can fully bypass the onRepay
hook
#61
Labels
bug
Something isn't working
downgraded by judge
Judge downgraded the risk level of this issue
grade-b
primary issue
Highest quality submission among a set of duplicates
Q-16
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
🤖_117_group
AI based duplicate group recommendation
sponsor disputed
Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue
sufficient quality report
This report is of sufficient quality
Lines of code
https://github.com/code-423n4/2024-08-wildcat/blob/main/src/market/WildcatMarketBase.sol#L406
Vulnerability details
Impact
Borrower can bypass calls to the
onRepay
hookProof of Concept
Within the protocol, users are free to implement markets with a set of hooks, including a
onRepay
hook which is intended to be called any time a repayment is made.However, the problem is that any funds transferred directly to the contract are treated as a repayment by the borrower. This does allow the borrower, any time they wish to make a repayment, they can just send the funds to the contract and avoid the
onRepay
hook (as it may apply restrictions, extra fees or generally - anything)This basically makes the
onRepay
hook useless.Tools Used
Manual review
Recommended Mitigation Steps
Consider either using internal accounting or removing the
onRepay
hook.Assessed type
Context
The text was updated successfully, but these errors were encountered: