021.md

Real Honey Poodle

Medium

wrong implement of 'revalidateCollateral'

Summary

Here in the revalidateCollateral we are not checking whether borrower is zero address or not,then we are calling the _checkBalance and there we are verifying with the IERC20(_collateralInfo._collateralAddress).balanceOf( _borrowerAddress).so we are checking the balance of zero address.

Root Cause

https://github.com/sherlock-audit/2024-11-teller-finance-update/blob/main/teller-protocol-v2-audit-2024/packages/contracts/contracts/CollateralManager.sol#L185

function revalidateCollateral(uint256 bidId) external view returns (bool validation) { Collateral[] memory collateralInfos = getCollateralInfo(_bidId); address borrower = tellerV2.getLoanBorrower(bidId); (validation, ) = _checkBalances(borrower, collateralInfos, true); }

function _checkBalance( address _borrowerAddress, Collateral memory _collateralInfo ) internal virtual view returns (bool) { CollateralType collateralType = _collateralInfo._collateralType;

    if (collateralType == CollateralType.ERC20) {
        return
            _collateralInfo._amount <=
            IERC20(_collateralInfo._collateralAddress).balanceOf(
                _borrowerAddress
            );
    } else if (collateralType == CollateralType.ERC721) {
        return
            _borrowerAddress ==
            IERC721Upgradeable(_collateralInfo._collateralAddress).ownerOf(
                _collateralInfo._tokenId
            );
    } else if (collateralType == CollateralType.ERC1155) {
        return
            _collateralInfo._amount <=
            IERC1155Upgradeable(_collateralInfo._collateralAddress)
                .balanceOf(_borrowerAddress, _collateralInfo._tokenId);
    } else {
        return false;
    }
}

Internal pre-conditions

No response

External pre-conditions

No response

Attack Path

No response

Impact

No response

PoC

No response

Mitigation

require(borrower != address(0), "Loan has no borrower");