022.md

J4de

medium

TellerV2.sol borrowers can disrupt the market with unlimited malicious bids

Summary

TellerV2.sol borrowers can disrupt the market with unlimited malicious bids

Vulnerability Detail

File: TellerV2.sol
 303     function submitBid(
 304         address _lendingToken,
 305         uint256 _marketplaceId,
 306         uint256 _principal,
 307         uint32 _duration,
 308         uint16 _APR,
 309         string calldata _metadataURI,
 310         address _receiver,
 311         Collateral[] calldata _collateralInfo
 312     ) public override whenNotPaused returns (uint256 bidId_) {
 313         bidId_ = _submitBid(
 314             _lendingToken,
 315             _marketplaceId,
 316             _principal,
 317             _duration,
 318             _APR,
 319             _metadataURI,
 320             _receiver
 321         );
 322
 323  >>     bool validation = collateralManager.commitCollateral(
 324             bidId_,
 325             _collateralInfo
 326         );
 327
 328         require(
 329             validation == true,
 330             "Collateral balance could not be validated"
 331         );

When the borrower calls the submitBid function, it will then call commitCollateral function, and commitCollateral function will check the borrower's collateral balance. In addition, the borrower does not need to provide the funds.

Attackers can use flash loans to bypass balance checks and send out a large number of malicious bids to disrupt the market.

Impact

market bid is disrupted.

Code Snippet

https://github.com/teller-protocol/teller-protocol-v2/blob/cb66c9e348cdf1fd6d9b0416a49d663f5b6a693c/packages/contracts/contracts/TellerV2.sol#L303

Tool used

Manual Review

Recommendation

It is recommended to increase some bid costs, such as deposit a certain percentage of collateral in advance.