Race condition vulnerability

Summary

The loan parameters in the submitBid and lenderAcceptBid functions are not properly protected against race conditions. A malicious user could potentially manipulate loan parameters while transactions are in the mempool.

Vulnerability Detail

The submitBid and lenderAcceptBid functions do not have adequate protection mechanisms in place to prevent race conditions. As a result, a malicious user could potentially manipulate loan parameters while transactions are in the mempool, leading to unintended behavior and potential exploits.

Impact

This vulnerability could lead to unpredictable and unintended consequences in the loan parameters, potentially compromising the security and integrity of the platform.

Code Snippet

https://github.com/sherlock-audit/2023-03-teller/blob/main/teller-protocol-v2/packages/contracts/contracts/TellerV2.sol#L272

https://github.com/sherlock-audit/2023-03-teller/blob/main/teller-protocol-v2/packages/contracts/contracts/TellerV2.sol#L303

https://github.com/sherlock-audit/2023-03-teller/blob/main/teller-protocol-v2/packages/contracts/contracts/TellerV2.sol#L470

Tool used

Manual Review

Recommendation

Implement proper protection mechanisms, such as mutex locks or checks, to prevent race conditions in the submitBid and lenderAcceptBid functions. This will help ensure the integrity and security of the loan parameters during the bidding process.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

030.md

030.md

Race condition vulnerability

Summary

Vulnerability Detail

Impact

Code Snippet

Tool used

Recommendation

Files

030.md

Latest commit

History

030.md

File metadata and controls

Race condition vulnerability

Summary

Vulnerability Detail

Impact

Code Snippet

Tool used

Recommendation