Malicious Approved Borrower can remove all other approved borrowers effectively denying access to borrowing #136
Labels: bug (Something isn't working); downgraded by judge; duplicate (This issue or pull request already exists); QA (Quality Assurance: assets are not at risk; state handling, function incorrect as to spec, issues with clarity, syntax)
Lines of code
https://github.com/code-423n4/2022-08-frax/blob/c4189a3a98b38c8c962c5ea72f1a322fbc2ae45f/src/contracts/FraxlendPair.sol#L307
Vulnerability details

Impact

A malicious approved borrower can call `setApprovedBorrowers` with `_approval == false`, removing approval for every other borrower and thereby denying them access to the `borrowAsset` and `leveragedPosition` functions.

Proof of Concept
A malicious approved borrower calls `setApprovedBorrowers` with a list of `_borrowers` and `_approval == false`. A front-running attack is also possible: the attacker front-runs other borrowers' calls to the `borrowAsset` and `leveragedPosition` functions, effectively causing a DoS.

Tools Used
Manual Review
Recommended Mitigation Steps
Restrict access to `setApprovedBorrowers` by making it an `onlyOwner` function.
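The following is an added, constructed illustration of the access-control flaw and the recommended `onlyOwner` mitigation; it is not Fraxlend's code. The storage layout, the `approvedBorrowerOnly` modifier and the contract names are assumptions, chosen to mirror the report's vocabulary (`setApprovedBorrowers`, `_borrowers`, `_approval`, `borrowAsset`).

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.15;

/// Constructed example for this finding, not FraxlendPair.sol. Shared state and
/// the gated borrow entry point live here; the two children differ only in who
/// may edit the approved-borrower list.
abstract contract BorrowerListBase {
    address public immutable owner;
    mapping(address => bool) public approvedBorrowers;

    constructor(address[] memory _initial) {
        owner = msg.sender;
        for (uint256 i = 0; i < _initial.length; i++) approvedBorrowers[_initial[i]] = true;
    }

    modifier approvedBorrowerOnly() {
        require(approvedBorrowers[msg.sender], "not an approved borrower");
        _;
    }

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    function _setApproval(address[] calldata _borrowers, bool _approval) internal {
        for (uint256 i = 0; i < _borrowers.length; i++) approvedBorrowers[_borrowers[i]] = _approval;
    }

    /// Gated on the list: anyone removed from it is denied service here.
    function borrowAsset(uint256 /* _amount */) external approvedBorrowerOnly {
        // borrowing logic elided; only the access check matters for this example
    }
}

/// Weak variant: the gate asks "is the caller an approved borrower?", so any
/// borrower may pass _approval == false for every peer (or front-run a peer's
/// borrowAsset call) and deny them service.
contract VulnerablePair is BorrowerListBase {
    constructor(address[] memory _initial) BorrowerListBase(_initial) {}

    function setApprovedBorrowers(address[] calldata _borrowers, bool _approval) external approvedBorrowerOnly {
        _setApproval(_borrowers, _approval);
    }
}

/// Mitigated variant per the recommendation: only the owner edits the list.
contract HardenedPair is BorrowerListBase {
    constructor(address[] memory _initial) BorrowerListBase(_initial) {}

    function setApprovedBorrowers(address[] calldata _borrowers, bool _approval) external onlyOwner {
        _setApproval(_borrowers, _approval);
    }
}
```

In `VulnerablePair`, a de-listed borrower's `borrowAsset` reverts with "not an approved borrower"; in `HardenedPair`, a borrower attempting the same `setApprovedBorrowers` call reverts with "not owner" and the list is unchanged.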