Gondi

Summary

In this audit, we reviewed the Gondi V2 NFT lending platform. Borrowers and Lenders can offer loan terms that the other party can agree to. The borrower's NFT (or bundle of NFTs/tokens if a specific vault is leveraged) is put in escrow in exchange for the lender's principal. A loan can be repaid at any time, provided all accrued interest rate and principal is returned. If a borrower fails to do so, the NFT is either claimed by the single lender of the loan or auctioned off, with the proceeds of the auction being distributed to the partial lenders. Loans can be partially or fully refinanced by any lender, provided that the specified APR will result in sufficiently lower daily interest to be paid by the borrower. A loan can also be renegotiated, where a borrower accepts a loan offer that is not necessarily strictly better but offers a desired adjustment, e.g. extended loan duration for increased APR. Refinanced sources continue to accrue a small APR, as a portion of the delta in APR of the refinancing source continues to accrue interest for refinanced lenders. These "proceeds" are however discarded in case of liquidations. Loan repayment and loan initialization can be paired with hooks, where certain actions involving the loan's principal or collateral can be performed. This enables Buy Now Pay Later functionality, where the borrower essentially performs a leveraged buy of the collateral with the loan's principal and also enables the market selling of the collateral NFT to repay a loan. In the course of the audit, a few significant concerns arose. The `UserVault` can be drained from all ERC721 tokens (GON-1) and the callback data from borrower-signed protocol interactions remains unsigned, enabling anyone to manipulate it, potentially removing the full difference between e.g. the sale price and the loan costs from the borrower (GON-2). The proceeds mechanic can also be abused to force loans into liquidation, as the array can grow indefinitely, making the settlement of proceeds debt impossible, and forcing the loan to get liquidated (GON-3). In multiple instances, we also identified a lack of input validation (GON-5, GON-14). While we deem the code quality to be high, the codebase could benefit from added code comments for improved readability. Additional documentation containing a specification of e.g. the flow of funds in the different protocol interactions. Many tests were provided. However, the test suite currently does not support any coverage metrics and did not execute with other internal tooling, making it difficult to judge the test suite's thoroughness. <br> <br> **Update Fix-Review** The proceeds mechanic has been removed from the protocol, as a result, certain issues no longer apply. These issues have been marked as "Fixed". All of the remaining issues have either been acknowledged or properly fixed by the client.