Zesty Amber Kestrel
Medium
https://github.com/sherlock-audit/2024-11-debita-finance-v3/blob/main/Debita-V3-Contracts/contracts/DebitaBorrowOffer-Factory.sol#L143-L144 In thecontract, it checks whether the balance of an IERC20 token has successfully met the required amount, but it does not check the balance of an IERC721 token. If the user uses an IERC721 token as collateral, this check will fail, and it is also uncertain whether the IERC721 token has successfully entered the contract.DebitaBorrowOffer-Factory.sol
It only checks if the collateral staked by the user is an IERC20 token, and confirms whether the DebitaBorrowOffer-Factory.sol contract has enough IERC20 tokens. This is an incorrect check, as if _collateral is an IERC721 token, this check will cause the contract to fail.
No response
No response
An attacker could use an IERC721 token as collateral. When the attacker takes out a loan and deposits the IERC721 token as collateral, it will cause the transaction to fail. If the attacker repeatedly executes the same transaction, it could potentially cause the contract to become unresponsive.
A legitimate user attempting to use an IERC721 token as collateral for a loan will also encounter an error, preventing the transaction from being processed, which would break the functionality of the contract.
An attacker can use an IERC721 token as collateral without successfully transferring it to the contract, effectively enabling them to borrow funds without providing any actual collateral.
No response
To enhance the contract's validation functionality, it should not only check if the IERC20 collateral has been successfully deposited into the DebitaBorrowOffer-Factory.sol contract, but also account for the case where the collateral is an IERC721 token. Below is the suggested modified code:
if (_isNFT) {
address nftOwner = IERC721(_collateral).ownerOf(_receiptID);
require(nftOwner == address(borrowOffer), "NFT not transferred correctly");
} else {
uint balance = IERC20(_collateral).balanceOf(address(borrowOffer));
require(balance >= _collateralAmount, "Invalid balance");
}