Lone Tangerine Liger - Incorrect return value in DebitaV3Loan::claimCollateralAsNFTLender function #1000
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
{{ message }}
Lone Tangerine Liger
High
Incorrect return value in DebitaV3Loan::claimCollateralAsNFTLender function
Summary
DebitaV3Loan::claimCollateralAsNFTLender function should revert if the receipt is neither auctionInitialzied nor solo lender.
Root Cause
DebitaV3Loan::claimCollateralAsNFTLender is used for claim collateral as lender in case of default. The problem arise when the collateral nft is neither auction sold nor solo lender, in this situation the function should not allow a single lender to claim as there is only one nft. however, the method claimCollateralAsNFTLender return flase value during such case. which will cause problem , for burn the lender's loan.
https://github.com/sherlock-audit/2024-11-debita-finance-v3/blob/1465ba6884c4cc44f7fc28e51f792db346ab1e33/Debita-V3-Contracts/contracts/DebitaV3Loan.sol#L349
https://github.com/sherlock-audit/2024-11-debita-finance-v3/blob/1465ba6884c4cc44f7fc28e51f792db346ab1e33/Debita-V3-Contracts/contracts/DebitaV3Loan.sol#L361
Internal pre-conditions
No response
External pre-conditions
No response
Attack Path
No response
Impact
lender who claims the collateral when the nft is not auctioned yet and there are more than one lenders will suffer loss as the loan will burn but lender claims nothing.
PoC
No response
Mitigation
consider change the return false value into revert in DebitaV3Loan::claimCollateralAsNFTLender
The text was updated successfully, but these errors were encountered: