Skip to content

Latest commit

 

History

History
66 lines (40 loc) · 1.66 KB

041.md

File metadata and controls

66 lines (40 loc) · 1.66 KB
Raw

Dandy Caramel Tortoise

Medium

Failure to use updated payment amount will cause repayer's to loose assets in case they pay in excess

Summary

Failure to use updated payment amount will cause re-payer's to loose assets in case they pay in excess

Root Cause

In case the payment is greater than the owed amount, the _sendOrEscrowFunds function still uses the excess amount instead of the owed amount. This causes the excess amounts to be lost to the borrower

https://github.com/sherlock-audit/2024-11-teller-finance-update/blob/0c8535728f97d37a4052d2a25909d28db886a422/teller-protocol-v2-audit-2024/packages/contracts/contracts/TellerV2.sol#L828-L844

    function _repayLoan(
        uint256 _bidId,
        Payment memory _payment,
        uint256 _owedAmount,
        bool _shouldWithdrawCollateral
    ) internal virtual {
        Bid storage bid = bids[_bidId];
        uint256 paymentAmount = _payment.principal + _payment.interest;


        RepMark mark = reputationManager.updateAccountReputation(
            bid.borrower,
            _bidId
        );


        // Check if we are sending a payment or amount remaining
        if (paymentAmount >= _owedAmount) {
            paymentAmount = _owedAmount;

        ...

        // @audit the old _payment amount is still used instead of the updated paymentAmount
        _sendOrEscrowFunds(_bidId, _payment); //send or escrow the funds

Internal pre-conditions

  1. User must make excess repayment

External pre-conditions

No response

Attack Path

No response

Impact

Borrowers will loose the excess they have paid

PoC

No response

Mitigation

Cap the payment to amountOwed