Ethereum Credit Guild - EVDoc's results

A trust minimized pooled lending protocol.

General Information

Platform: Code4rena

Start Date: 11/12/2023

Pot Size: $90,500 USDC

Total HM: 29

Participants: 127

Period: 17 days

Judge: TrungOre

Total Solo HM: 4

Id: 310

League: ETH

Ethereum Credit Guild

Findings Distribution

Researcher Performance

Rank: 59/127

Findings: 1

Award: $211.23

QA: grade-a

🌟 Selected for report: 0

🚀 Solo Findings: 0

Awards

211.2258 USDC - $211.23

Labels

bug
downgraded by judge
grade-a
QA (Quality Assurance)
sufficient quality report
duplicate-1245
Q-10

External Links

Lines of code

https://github.com/code-423n4/2023-12-ethereumcreditguild/blob/2376d9af792584e3d15ec9c32578daa33bb56b43/src/loan/LendingTerm.sol#L805-L808

Vulnerability details

Impact

If the borrower has been blacklisted by the collateral token, onBid() reverts when it tries to return the leftover collateral, so no bid can settle and the loan ends the auction as bad debt. The only way left to resolve the position is to call forgive().

Proof of Concept

If the collateral is a token with a blacklist such as USDC or USDT, and the borrower is blacklisted after taking the loan, bid() reverts because onBid() cannot transfer the remaining collateral back to the borrower. This only matters for bids placed during the first phase of the auction, where collateralToBorrower != 0 (in the second phase all collateral goes to the bidder and nothing is sent to the borrower):

The transfer below reverts if the borrower is blacklisted, and because it runs inside the bid, the whole bid reverts with it: https://github.com/code-423n4/2023-12-ethereumcreditguild/blob/2376d9af792584e3d15ec9c32578daa33bb56b43/src/loan/LendingTerm.sol#L804-L808

Tools Used

Manual review

Recommended Mitigation Steps

Instead of pushing the leftover collateral to the borrower inside the bid, record the amount owed in storage and let the borrower claim it in a separate call (pull over push). A failing transfer then only reverts the claim, not the auction settlement.
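The following is an added illustration of the push-versus-pull point above; it is not code from the Ethereum Credit Guild repository. The token, the two settlement contracts and the Demo contract, along with every name and amount in them, are constructed stand-ins: the token models only the blacklist check of a USDC-style token, and the settlement contracts model only the collateral-return path of onBid(), not the credit or debt accounting.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed stand-in for a blacklistable token (USDC/USDT-like).
// Assumption: transfers to or from a blacklisted address revert.
contract BlacklistableToken {
    mapping(address => uint256) public balanceOf;
    mapping(address => bool) public blacklisted;
    address public owner;

    constructor() { owner = msg.sender; }

    function mint(address to, uint256 amount) external { balanceOf[to] += amount; }

    function setBlacklisted(address who, bool flag) external {
        require(msg.sender == owner, "not owner");
        blacklisted[who] = flag;
    }

    function transfer(address to, uint256 amount) external returns (bool) {
        require(!blacklisted[msg.sender] && !blacklisted[to], "blacklisted");
        balanceOf[msg.sender] -= amount;
        balanceOf[to] += amount;
        return true;
    }
}

// Vulnerable shape (hypothetical): leftover collateral is pushed to the
// borrower inside the bid, so a blacklisted borrower blocks every bid.
contract PushSettlement {
    BlacklistableToken public collateral;
    constructor(BlacklistableToken t) { collateral = t; }

    function onBid(address bidder, address borrower, uint256 toBidder, uint256 toBorrower) external {
        if (toBidder != 0) require(collateral.transfer(bidder, toBidder), "bidder transfer failed");
        // Reverts for a blacklisted borrower and takes the whole bid down with it.
        if (toBorrower != 0) require(collateral.transfer(borrower, toBorrower), "borrower transfer failed");
    }
}

// Hardened shape (hypothetical): the bid only records what the borrower is
// owed; the borrower pulls it later in a call that cannot block settlement.
contract PullSettlement {
    BlacklistableToken public collateral;
    mapping(address => uint256) public claimable;
    constructor(BlacklistableToken t) { collateral = t; }

    function onBid(address bidder, address borrower, uint256 toBidder, uint256 toBorrower) external {
        if (toBidder != 0) require(collateral.transfer(bidder, toBidder), "bidder transfer failed");
        if (toBorrower != 0) claimable[borrower] += toBorrower; // no external call to the borrower here
    }

    function claim() external {
        uint256 amount = claimable[msg.sender];
        require(amount != 0, "nothing to claim");
        claimable[msg.sender] = 0; // effects before interaction
        require(collateral.transfer(msg.sender, amount), "transfer failed");
    }
}

// Deploys both shapes, blacklists the borrower after the "loan" is open,
// and runs a first-phase style bid (part to bidder, part back to borrower).
contract Demo {
    function run() external returns (bool pushReverted, uint256 owedToBorrower) {
        BlacklistableToken token = new BlacklistableToken();
        PushSettlement push = new PushSettlement(token);
        PullSettlement pull = new PullSettlement(token);
        address bidder = address(0xB1D);
        address borrower = address(0xB0B);

        token.mint(address(push), 100e6); // constructed collateral balances
        token.mint(address(pull), 100e6);
        token.setBlacklisted(borrower, true); // borrower blacklisted after borrowing

        // 60 units to the bidder, 40 back to the borrower.
        try push.onBid(bidder, borrower, 60e6, 40e6) { pushReverted = false; }
        catch { pushReverted = true; } // expected: true, the bid cannot settle

        pull.onBid(bidder, borrower, 60e6, 40e6); // settles regardless of the blacklist
        owedToBorrower = pull.claimable(borrower); // 40e6, claimable whenever the borrower can receive it
    }
}
```

With the pull shape, the auction clears even though the borrower cannot currently receive tokens; the 40e6 simply sits in claimable until claim() succeeds. Sending to msg.sender in claim() keeps the blacklist effective (a blacklisted borrower still cannot withdraw through the protocol); letting the caller choose a recipient would be more flexible but would let the protocol act as a route around the token's blacklist, which is a design choice the protocol would have to make deliberately.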

Assessed type

DoS

#0 - c4-pre-sort

2024-01-02T11:02:25Z

0xSorryNotSorry marked the issue as sufficient quality report

#1 - c4-pre-sort

2024-01-02T11:03:20Z

0xSorryNotSorry marked the issue as duplicate of #691

#2 - c4-pre-sort

2024-01-03T17:41:04Z

0xSorryNotSorry marked the issue as duplicate of #1245

#3 - c4-judge

2024-01-27T07:40:56Z

Trumpero changed the severity to QA (Quality Assurance)

#4 - c4-judge

2024-01-27T09:40:06Z

Trumpero marked the issue as grade-b
