Back to danb's contests

Backed Protocol contest - danb's results

Protocol for peer to peer NFT-Backed Loans.

General Information

Platform: Code4rena

Start Date: 05/04/2022

Pot Size: $30,000 USDC

Total HM: 10

Participants: 47

Period: 3 days

Judge: gzeon

Total Solo HM: 4

Id: 106

League: ETH

Backed Protocol

Findings Distribution

Researcher Performance

Rank: 17/47

Findings: 1

Award: $293.89

🌟 Selected for report: 0

πŸš€ Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryBacked Protocol

Findings Information

🌟 Selected for report: cmichel

Also found by: AuditsAreUS, IllIllI, Ruhum, csanuragjain, danb, joshie, t11s, tintin

Labels

bug
duplicate
3 (High Risk)
disagree with severity
sponsor acknowledged

Awards

293.89 USDC - $293.89

External Links

Link to GitHub issue

Lines of code

https://github.com/code-423n4/2022-04-backed/blob/main/contracts/NFTLoanFacilitator.sol#L129

Vulnerability details

The lender of a loan can lend an unbounded amount, which the borrower might not be able to pay its interest rate.

Proof of Concept

Alice wants to borrow 1000 USDC, she creates a loan with a 10% interest rate, and expects to pay 100 USDC after a year. Bob lends her 1 million USDC, after a year, she has to pay back 100,000 which she cannot afford.

Don't allow paying more the expected loan amount.

#0 - wilsoncusack

2022-04-06T19:25:52Z

Is how the protocol is designed to work -- nothing stops the user from paying back early

#1 - gzeoneth

2022-04-15T11:07:50Z

Duplicate of #24

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax Β© 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter