| // SPDX-License-Identifier: GPL-3.0-or-later | |
| pragma solidity 0.8.13; | |
| import {Test, console} from "@forge-std/Test.sol"; | |
| import {Core} from "@src/core/Core.sol"; | |
| import {CoreRoles} from "@src/core/CoreRoles.sol"; | |
| import {GuildToken} from "@src/tokens/GuildToken.sol"; | |
| import {CreditToken} from "@src/tokens/CreditToken.sol"; | |
| import {ProfitManager} from "@src/governance/ProfitManager.sol"; | |
| import {MockLendingTerm} from "@test/mock/MockLendingTerm.sol"; |
| da |
| aaa |
Anyone can become the new loan lender, even the borrower
The lender can set a new address to be the lender of the loan. What will the old lender get or will just lose the loan amount? Also, what if the borrower of the loan is determined to be a lender, he will receive both the loan amount and the collateral after the loan defaults.
claimRepaid() need a check for msg.sender, so that only he can decide when to get his claim.
If the lender does not want to receive the repaid value when the borrower repays, but to receive it at the end, now it isn’t possible, because the current implementation allows anyone to execute it and the lender will receive their unclaimed DAI.
The DAI/gOHM exchange rate is stored in LOAN_TO_COLLATERAL constant variable. Since it is hardcoded, it is obvious that sooner or later it will become inaccurate.
When you create a new loan, ClearingHouse.sol passes LOAN_TO_COLLATERAL, this value is used for conversion calculations. If the price of gOHM goes down or up, the calculations will not be accurate, as it is already $2900 at the time of writing.
PoC #2
User will put up much more collateral than needed if the exchange rate goes up a lot.
Let's say we first borrow 2900DAI with 966,666,666,666,666,666 (0.96 gOHM) as collateral at a ratio of 3000e18 DAI/gOHM.
What if the ratio reaches 4000e18, the required collateral for the loan amount will be 726 201 712 328 767 122, isn't it necessary to return the difference to the borrower or reduce his debt? What if the price becomes very high e.g. 10000e18, the required collateral will now be 290,480,684,931,506,849, but there will be 966,666,666,666,666,666 as collateral, which is above than three times more. And when the loan becomes default, the lender will receive three times the amount they sent to the borrower.
