yy
high
ou0qa1
high
Based on the features shown in the platform UI, the platform should accept tokens/NFTs as collateral. In the provided code snippets, there is no clear mechanism for transferring and locking collateral tokens/NFTs. This could potentially lead to scenarios where the borrower can misuse the collateral tokens during the loan period.
In the TellerV2 smart contract, safeTransferFrom() is only used when the lender accepts a proposed loan bid.
Here is a scenario:
- Alice requests a loan and submits tokens/NFTs as collateral on the lending platform; the process calls submitBid().
- In submitBid(), commitCollateral() checks the collateral details.
- The bid is then created.
- However, there is no locking mechanism in this function.
- This means that if Alice requests a loan and provides the collateral, and no lender has accepted the bid yet, Alice can still use, sell or swap the collateral.
- If the lender accepts the bid after Alice sells the NFT on another platform such as OpenSea, the lender may lose funds.
If the collateral is not locked and the borrower defaults on their loan, the lender might not be able to recover their funds.
https://github.com/sherlock-audit/2023-03-teller/blob/main/teller-protocol-v2/packages/contracts/contracts/TellerV2.sol#L272
https://github.com/sherlock-audit/2023-03-teller/blob/main/teller-protocol-v2/packages/contracts/contracts/TellerV2.sol#L303
https://github.com/sherlock-audit/2023-03-teller/blob/main/teller-protocol-v2/packages/contracts/contracts/CollateralManager.sol#L117
Manual Review
The collateral could be transferred to and held by the platform during the loan process, ensuring it is locked and secure. Once the bid is canceled or the loan is paid off, the collateral will be unlocked and returned to the borrower from the platform.
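A minimal sketch of the recommendation above, added here as an illustration and not taken from Teller's code base: the NFT is pulled into escrow when the bid is submitted and returned on cancel or repayment. The contract name, struct layout and function signatures are hypothetical; it assumes ERC-721 collateral and an ETH principal, and omits interest and default handling.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Only the ERC-721 call this sketch needs.
interface IERC721 {
    function transferFrom(address from, address to, uint256 tokenId) external;
}

// Hypothetical escrow contract (not Teller's CollateralManager).
contract CollateralEscrowSketch {
    enum Status { None, Pending, Accepted, Closed }
    struct Bid { address borrower; address lender; address nft; uint256 tokenId; uint256 principal; Status status; }

    mapping(uint256 => Bid) public bids;
    uint256 public nextBidId;

    // Collateral leaves the borrower's wallet at submission, so it cannot be
    // sold or swapped while the bid is waiting for a lender.
    function submitBid(address nft, uint256 tokenId, uint256 principal) external returns (uint256 bidId) {
        bidId = nextBidId++;
        bids[bidId] = Bid(msg.sender, address(0), nft, tokenId, principal, Status.Pending);
        // Reverts if the caller does not own the token or has not approved this contract.
        IERC721(nft).transferFrom(msg.sender, address(this), tokenId);
    }

    // A bid that was never accepted releases its collateral back to the borrower.
    function cancelBid(uint256 bidId) external {
        Bid storage b = bids[bidId];
        require(msg.sender == b.borrower && b.status == Status.Pending, "cannot cancel");
        b.status = Status.Closed; // state change before the external call
        IERC721(b.nft).transferFrom(address(this), b.borrower, b.tokenId);
    }

    // The lender funds a bid whose collateral is already held in escrow.
    function acceptBid(uint256 bidId) external payable {
        Bid storage b = bids[bidId];
        require(b.status == Status.Pending, "not pending");
        require(msg.value == b.principal, "wrong amount");
        b.status = Status.Accepted;
        b.lender = msg.sender;
        (bool ok, ) = b.borrower.call{value: msg.value}("");
        require(ok, "payout failed");
    }

    // Repayment forwards the principal to the lender and unlocks the collateral.
    function repay(uint256 bidId) external payable {
        Bid storage b = bids[bidId];
        require(b.status == Status.Accepted, "not active");
        require(msg.value == b.principal, "wrong amount");
        b.status = Status.Closed;
        (bool ok, ) = b.lender.call{value: msg.value}("");
        require(ok, "repay failed");
        IERC721(b.nft).transferFrom(address(this), b.borrower, b.tokenId);
    }
}
```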