Alert Neon Hornet
High
In a scenario where the borrower defaults and doesn't pay the loan amount back, the lender can call() and then seize() the collateral. The collateral is in the form of ERC1155 tokens. It's crucial that the lender supports ERC1155 Token reception. Otherwise the seize() uses safeTransferFrom which reverts if the receiver doesn't support ERC1155 tokens. The loan will be stuck in the Called state until the borrower repay() the loan.
function _seize(uint256 loanId, Loan storage loan) private {
loan.status = LoanStatus.Defaulted;
CTF.safeTransferFrom(address(this), msg.sender, loan.positionId, loan.collateralAmount, "");
emit LoanDefaulted(loanId);
}In seize() it is expected that the lender of the loan supports ERC1155 tokens but it's not verified during loan creation. As a result the lender cannot seize() the collateral and close the loan.
https://github.com/sherlock-audit/2024-09-predict-fun/blob/main/predict-dot-loan/contracts/PredictDotLoan.sol#L877C5-L883C6
No response
No response
- Alice unknowingly creates a Loan offer from a smart wallet that doesn't support ERC1155 tokens.
- Bob fulfils this order and get the loan amount.
- Now Bob defaults and doesn't pay it's loan back. The Alice can't receive the Bob's collateral as it's wallet doesn't support ERC1155 tokens.
- Bob can wait for the result to come and then decide if it's profitable to keep the loan or repay and get it's collateral back. While there is no interest acquiring anymore as the loan status is Called.
The lender will lose it's loan as well as the collateral leading to total loss.
No response
Whenever a new loan is created i.e in acceptLoanOfferAndFillOrder(), _acceptOffer(), matchProposals() & refinance(). Add an assert at the end of the call to verify the lender can accept ERC1155 NFTs using ERC1155Utils.checkOnERC1155Received() method.
https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/token/ERC1155/utils/ERC1155Utils.sol