The Wildcat Protocol - stackachu's results

Banking, but worse - a protocol for fixed-rate, undercollateralised credit facilities.

General Information

Platform: Code4rena

Start Date: 16/10/2023

Pot Size: $60,500 USDC

Total HM: 16

Participants: 131

Period: 10 days

Judge: 0xTheC0der

Total Solo HM: 3

Id: 296

League: ETH


Researcher Performance

Rank: 77/131

Findings: 2

Award: $16.72

🌟 Selected for report: 0

🚀 Solo Findings: 0

Lines of code

https://github.com/code-423n4/2023-10-wildcat/blob/main/src/market/WildcatMarket.sol#L142

Vulnerability details

Impact

The inability to close markets has the following consequences:

  • Excess assets in the market (e.g. assets sent to the market by the borrower in excess of the required payment) cannot be recovered, as closing a market is the only way to transfer excess assets out of it. Those assets are therefore stuck in the market forever.
  • If the interest rate constraints were enforced by the controller, the borrower might be forced to pay interest on assets that the borrower no longer wants to utilize but that the lender(s) have not withdrawn. (In the current version of the code the borrower can change the market's interest rate to 0% via the controller; however, I believe that this is a bug and that the interest rate constraints are supposed to be applied, which would make the borrower unable to change the interest rate below the minimum interest rate.)

Proof of Concept

The WildcatMarket.closeMarket() function has the onlyController modifier, so it can only be called by the controller. The controller, however, contains no code that calls this function, making it effectively uncallable.

function closeMarket() external onlyController nonReentrant {

Tools Used

Manual review.

Recommended Mitigation Steps

A closeMarket() function should be added to WildcatMarketController that is callable by the borrower and calls WildcatMarket.closeMarket() to close the market.
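The controller-side entry point described above, as an added example that is not part of the Wildcat code base or of this report: the IWildcatMarket interface, the `borrower` address and the `_controlledMarkets` bookkeeping are assumed names.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added example, not the Wildcat code base: a borrower-callable
/// closeMarket() on the controller, which is the only address the
/// market's onlyController modifier admits.
interface IWildcatMarket {
    /// On the page: guarded by onlyController in WildcatMarket.
    function closeMarket() external;
}

contract ControllerCloseMarketExample {
    address public immutable borrower;
    // Assumed: the controller records the markets it deployed, so the
    // borrower can only close markets this controller actually manages.
    mapping(address => bool) private _controlledMarkets;

    error NotBorrower();
    error NotControlledMarket(address market);
    event MarketClosed(address indexed market);

    constructor(address borrower_, address[] memory markets) {
        borrower = borrower_;
        for (uint256 i = 0; i < markets.length; i++) {
            _controlledMarkets[markets[i]] = true;
        }
    }

    modifier onlyBorrower() {
        if (msg.sender != borrower) revert NotBorrower();
        _;
    }

    /// Borrower-only entry point. The market's own onlyController check
    /// then passes because msg.sender inside the market is this controller.
    function closeMarket(address market) external onlyBorrower {
        if (!_controlledMarkets[market]) revert NotControlledMarket(market);
        IWildcatMarket(market).closeMarket();
        emit MarketClosed(market);
    }
}
```

Without the registry check, the controller would forward closeMarket() to any address the borrower names; restricting it to known markets keeps the controller's privilege scoped to what it deployed.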

Assessed type

Other

#0 - c4-pre-sort

2023-10-27T07:25:28Z

minhquanym marked the issue as duplicate of #147

#1 - c4-judge

2023-11-07T14:05:57Z

MarioPoneder marked the issue as partial-50

#2 - c4-judge

2023-11-07T14:16:53Z

MarioPoneder changed the severity to 3 (High Risk)

Awards

16.6643 USDC - $16.66

Labels

2 (Med Risk)
satisfactory
duplicate-196

External Links

Judge has assessed an item in Issue #601 as 2 risk. The relevant finding follows:

[L-01] Interest rate constraints are not enforced when market interest rate is changed

#0 - c4-judge

2023-11-09T15:21:35Z

MarioPoneder marked the issue as duplicate of #196

#1 - c4-judge

2023-11-09T15:21:41Z

MarioPoneder marked the issue as satisfactory
