0xGoodess
medium
borrower can still repay even if his/her loan enters default
there is no check whether the loan enters into default state before executing the repay function. There is no specification on the expected behavior but technically if neither the lender nor any liquidator comes in, the borrower can wait an extended period of time being in default state before finally repaying.
Across all types of repay functions, there is no check on whether the loan is default or not.
_repay function
function _repayLoan(
uint256 _bidId,
Payment memory _payment,
uint256 _owedAmount,
bool _shouldWithdrawCollateral
) internal virtual {
Bid storage bid = bids[_bidId];
uint256 paymentAmount = _payment.principal + _payment.interest;
RepMark mark = reputationManager.updateAccountReputation(
bid.borrower,
_bidId
);
// Check if we are sending a payment or amount remaining
if (paymentAmount >= _owedAmount) {
paymentAmount = _owedAmount;
bid.state = BidState.PAID;
// Remove borrower's active bid
_borrowerBidsActive[bid.borrower].remove(_bidId);
// If loan is is being liquidated and backed by collateral, withdraw and send to borrower
if (_shouldWithdrawCollateral) {
collateralManager.withdraw(_bidId);
}
emit LoanRepaid(_bidId);
} else {
emit LoanRepayment(_bidId);
}there is no hard time constraint on when the borrower can repay.
Manual Review
add a delinquent check before _repayLoan to make sure entering default state is an irreversible state and it prevents any repaying.
function _repayLoan(
uint256 _bidId,
Payment memory _payment,
uint256 _owedAmount,
bool _shouldWithdrawCollateral
) internal virtual {
require(!isLoanDefaulted(_bidId));
...
...