smbv-1923 - whenNotPaused() modifier not checked during call() which creates problem

[sherlock-admin3]

smbv-1923

Medium

whenNotPaused() modifier not checked during call() which creates problem

Summary

whenNotPaused() modifier not checked during call() which creates problem

Root Cause

https://github.com/sherlock-audit/2024-09-predict-fun/blob/main/predict-dot-loan/contracts/PredictDotLoan.sol#L561

Internal pre-conditions

Contract should be paused when user calls call()

External pre-conditions

No response

Attack Path

• Let's suppose the contract is paused and at that time lender calls call() for auctioning of the loan.
• But now as the contract is paused no one would be able to call auction() as there whenNotPaused modifier inside auction()
  function auction(uint256 loanId) external nonReentrant whenNotPaused
• This creates problem for lender , new lender and borrower.
• Current lender would not be able to auction the call as no one is able to call the function
• New lender who wishes th take over loan as he thinks the collateral amount would be big in coming times would not be able to take over this loan.
• Borrower will have no choice and would not be given chance to repay the loan as loan cannot be auctioned.

Impact

• This creates problem for lender , new lender and borrower.
• Current lender would not be able to auction the call as no one is able to call the function
• New lender who wishes th take over loan as he thinks the collateral amount would be big in coming times would not be able to take over this loan.
• Borrower will have no choice and would not be given chance to repay the loan as loan cannot be auctioned.

PoC

No response

Mitigation

Add whenNotPaused() modifier during call()