# #36567 \[SC-Insight] Anyone can cancel anyone's LOC

**Submitted on Nov 6th 2024 at 05:37:39 UTC by @gladiator111 for** [**Audit Comp | Anvil**](https://immunefi.com/audit-competition/audit-comp-anvil)

* **Report ID:** #36567
* **Report Type:** Smart Contract
* **Report severity:** Insight
* **Target:** <https://immunefi.com/>
* **Impacts:**
  * Griefing (e.g. no profit motive for an attacker, but damage to the users or the protocol)

## Description

## Brief/Intro

Anyone can cancel anyone's LOC through \`LetterOfCredit.sol::cancelLOC\` when it is expired preventing the users usage of \`LetterOfCredit.sol::createLOCFromExpired\`

## Vulnerability Details

\`LetterOfCredit.sol::cancelLOC\` contains a weak if statement which can be bypassed by anyone when the LOC has expired \`\`\`solidity @> if (msg.sender != loc.beneficiary && loc.expirationTimestamp > block.timestamp) { \_validateCancelAuth(\_locId, loc.beneficiary, \_beneficiaryAuthorization); } \`\`\`\
Through this if statement anyone can cancel anyone's LOC when it is expired. This completely prevents the users from using \`LetterOfCredit.sol::createLOCFromExpired\` as this function will get reverted because the LOC has already been deleted from the storage \`\`\`solidity function createLOCFromExpired( uint96 \_locId, address \_beneficiary, uint32 \_expirationTimestamp, bytes memory \_oraclePriceUpdate ) external payable refundExcess nonReentrant { LOC memory loc = locs\[\_locId]; uint256 creditedTokenAmount = loc.creditedTokenAmount;

```
    if (creditedTokenAmount &#x3D;&#x3D; 0) revert LOCNotFound(_locId);
```

@> if (msg.sender != loc.creator) revert AddressUnauthorizedForLOC(msg.sender, \_locId); //will get reverted here as loc.creator will become address(0) \`\`\`

## Impact Details

An attacker can keep canceling all the expired LOCs in the protocol and users will never be able to use \`LetterOfCredit.sol::createLOCFromExpired\` this function.

## Recommendation

modify the if statement as follows \`\`\`solidity

* if (msg.sender != loc.beneficiary && loc.expirationTimestamp > block.timestamp) {
* if (msg.sender != loc.beneficiary || loc.expirationTimestamp > block.timestamp) { \_validateCancelAuth(\_locId, loc.beneficiary, \_beneficiaryAuthorization); } \`\`\`

## References

<https://github.com/AcronymFoundation/anvil-contracts/blob/1bbe04bb6f1aa1beea0ebf55e1bad67da3aa0f87/contracts/LetterOfCredit.sol#L372> <https://github.com/AcronymFoundation/anvil-contracts/blob/1bbe04bb6f1aa1beea0ebf55e1bad67da3aa0f87/contracts/LetterOfCredit.sol#L275>

## Proof of Concept

## Proof of Concept

As the time for expiry for the contest is very near and the protocol doesn't contain any tests (publically), I am just submitting the impact and vulnerability details. I commit to submitting the POC within the next 48 hours.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://reports.immunefi.com/anvil/36567-sc-insight-anyone-can-cancel-anyones-loc.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.