Skip to content

Latest commit

 

History

History
56 lines (40 loc) · 1.68 KB

080.md

File metadata and controls

56 lines (40 loc) · 1.68 KB

J4de

medium

Borrowers can only make repayments until liquidation

Summary

Borrowers can only make repayments until liquidation.

Vulnerability Detail

File: TellerV2.sol
 580     function repayLoanMinimum(uint256 _bidId)
 581         external
 582         acceptedLoan(_bidId, "repayLoan")
 583     {
 584         (
 585             uint256 owedPrincipal,
 586             uint256 duePrincipal,
 587             uint256 interest
 588         ) = V2Calculations.calculateAmountOwed(
 589                 bids[_bidId],
 590                 block.timestamp,
 591                 bidPaymentCycleType[_bidId]
 592             );
 593         _repayLoan(
 594             _bidId,
 595             Payment({ principal: duePrincipal, interest: interest }),
 596             owedPrincipal + interest,
 597             true
 598         );
 599     }

Borrowers are allowed to miss repayments on time due to the absence of penalties for loans that are not repaid on time. Also, the borrower can avoid liquidation by:

  1. The liquidation time and the repayment time point are inconsistent, and are calculated by _canLiquidateLoan and calculateNextDueDate respectively, which results in a buffer period between the liquidation time and the repayment time
  2. Borrowers can repay only before being liquidated, preempting liquidation requests and avoiding liquidation.

Impact

Borrowers may not make payments on time.

Code Snippet

https://github.com/teller-protocol/teller-protocol-v2/blob/cb66c9e348cdf1fd6d9b0416a49d663f5b6a693c/packages/contracts/contracts/TellerV2.sol#L580-L599

Tool used

Manual Review

Recommendation

It is recommended to penalty for borrowers who fail to pay on time.