15,000 USDC
View results
Submission Details
Severity: low

Arithmetic underflow error

Summary

There is no address validation for 'tokenCollateralAddress' in the public function 'redeemCollateral()', which could lead to an arithmetic underflow/overflow error.

Vulnerability Details

The "redeemCollateral()" function is intended for users to withdraw the collaterals they previously deposited. When called, "redeemCollateral()" will invoke the "_redeemCollateral()" function to deduct the deposited collateral balance using the following code:

s_collateralDeposited[from][tokenCollateralAddress] -= amountCollateral;

However, if the "tokenCollateralAddress" is not a valid address, this line of code can lead to an arithmetic underflow error.

Impact

When the function "redeemCollateral()" is invoked with a non-collateral address, it may result in an arithmetic underflow error.

Tools Used

Manual Review

Recommendations

Adding "isAllowedToken(tokenCollateralAddress)" modifer to "redeemCollateral()" function and use unchecked

unchecked{s_collateralDeposited[from][tokenCollateralAddress] -= amountCollateral;}

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.