Platform: Code4rena
Start Date: 16/12/2021
Pot Size: $100,000 USDC
Total HM: 21
Participants: 25
Period: 7 days
Judge: alcueca
Total Solo HM: 12
Id: 66
League: ETH
Rank: 21/25
Findings: 1
Award: $239.08
Selected for report: 0
Solo Findings: 0
239.0826 USDC - $239.08
gpersoon
The function addColl() checks that no duplicate collateral types are sent. The function withdrawColl() does the reverse of function addColl() and also has parameters which list the requested collateral types to retrieve. However, there is no check on duplicate collaterals. Trying to retrieve the same collateral twice might have unexpected side effects.
```solidity
function withdrawColl(
    address[] memory _collsOut,
    uint256[] memory _amountsOut,
    address _upperHint,
    address _lowerHint
) external override {
    AdjustTrove_Params memory params;
    params._collsOut = _collsOut;
    params._amountsOut = _amountsOut;
    params._upperHint = _upperHint;
    params._lowerHint = _lowerHint;
    _adjustTrove(params);
}
```

```solidity
function addColl(
    address[] memory _collsIn,
    uint256[] memory _amountsIn,
    address _upperHint,
    address _lowerHint,
    uint256 _maxFeePercentage
) external override {
    ...
    // check that all _collsIn collateral types are in the whitelist and no duplicates
    _requireValidDepositCollateral(params._collsIn);
    ...
    _adjustTrove(params);
}
```

```solidity
function _requireValidDepositCollateral(address[] memory _colls) internal view {
    _requireNoDuplicateColls(_colls);
    for (uint256 i = 0; i < _colls.length; i++) {
        require(whitelist.getIsActive(_colls[i]), "BOps: Collateral not in whitelist");
    }
}
```
Call _requireValidDepositCollateral() or _requireNoDuplicateColls() from withdrawColl()
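A sketch of the recommended mitigation, added here as an illustration and not taken from the project's code base or from the warden's report. The contract name `WithdrawCheckSketch`, the body of `_requireNoDuplicateColls`, its revert string, the `AdjustRequested` event and the placeholder `_adjustTrove` are assumptions; only the function names and parameters come from the finding.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration, not the project's code. Names marked "assumed" do not
// appear in the finding and exist only so the sketch compiles on its own.
contract WithdrawCheckSketch {
    struct AdjustTrove_Params {
        address[] _collsOut;
        uint256[] _amountsOut;
        address _upperHint;
        address _lowerHint;
    }

    // Assumed event, used by the placeholder _adjustTrove below.
    event AdjustRequested(uint256 collCount);

    // Assumed body: pairwise comparison, O(n^2), acceptable for short lists.
    // The revert string is constructed for this sketch.
    function _requireNoDuplicateColls(address[] memory _colls) internal pure {
        for (uint256 i = 0; i < _colls.length; i++) {
            for (uint256 j = i + 1; j < _colls.length; j++) {
                require(_colls[i] != _colls[j], "BOps: Duplicate collateral");
            }
        }
    }

    function withdrawColl(
        address[] memory _collsOut,
        uint256[] memory _amountsOut,
        address _upperHint,
        address _lowerHint
    ) external {
        // The check the finding asks for, run before any trove state is touched,
        // mirroring what addColl() does through _requireValidDepositCollateral().
        _requireNoDuplicateColls(_collsOut);

        AdjustTrove_Params memory params;
        params._collsOut = _collsOut;
        params._amountsOut = _amountsOut;
        params._upperHint = _upperHint;
        params._lowerHint = _lowerHint;
        _adjustTrove(params);
    }

    // Placeholder for the protocol's _adjustTrove, whose body is not on the page.
    function _adjustTrove(AdjustTrove_Params memory params) internal {
        emit AdjustRequested(params._collsOut.length);
    }
}
```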
#0 - kingyetifinance
2022-01-05T06:05:02Z
@LilYeti: Duplicate with Issue #96 which is low severity
#1 - alcueca
2022-01-15T06:16:11Z
Duplicate of #197
#2 - alcueca
2022-01-15T16:02:30Z
Low severity, since the code is incorrect as to spec, but there is no proof of any impact