ravikiran.web3
medium
acceptCommitment() is an external function of LenderCommitmentForwarder contract using which a loan bid can be accepted against a commitment by the lender. The Bid can be created for 0 principal amount.
The risk of such creation is low as the commitment number is adjusted against the principal amount, which means the commitment from the lender is not impacted, but there could be a redundant processing of efforts on the blockchain that are not effective against the transaction cost.
This could effect the list of bids/commitments on the UI with 0 principal. Otherwise, there is no effect on the resultant funds. Caller can adjust the collateralAmount where necessary to run this function in this wierd way.
This could be easily prevented with a check at the entry point is the purpose to raise it.
A bid for 0 principal is created A collateral for equivalent are transacted there are not checked in the functions performing transfers for collaterals as well. So, the whole mechanism should work with no effective result and hence not a desirable effort.
Unnecessary entries in the Storage structures and transfer of tokens.
There is no check on the principal amount before the remaining processing begans.
Manual Review Manual code review.
Check for principal amount to be greater than 0 in the acceptCommitment. Even better, the loan is checked against what is eligible based on collateral provided before proceeding with processing.