Submission Details
Severity: medium

Add a Remove Allowed Token Function

Summary

The admin should have the ability to remove a token from the allowed list.

Vulnerability Details

The isAllowedToken modifier checks a token against a list of allowed tokens, but a token on this list may still become compromised, turn out to be malicious, or have a price feed error. To mitigate this, the contract owner should have the ability to remove tokens from the list.

Impact

An attacker could potentially use a malicious token contract to exploit the contract.

Tools Used

Manual review

Recommendations

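Provide a function that allows the contract owner to remove a token from the allowed list:

pragma solidity ^0.8.0;

import "@openzeppelin/contracts/access/Ownable.sol";
// ReentrancyGuard must be imported as well; this is its path in OpenZeppelin Contracts 4.x
import "@openzeppelin/contracts/security/ReentrancyGuard.sol";

contract DSCEngine is ReentrancyGuard, Ownable {
    // ... existing DSCEngine code (s_priceFeeds, isAllowedToken) ...

    event TokenRemoved(address indexed token);

    // Remove a token from the allowed list. Only the owner may call this,
    // and only tokens currently on the list pass isAllowedToken.
    function removeToken(address token) public onlyOwner isAllowedToken(token) {
        delete s_priceFeeds[token];
        emit TokenRemoved(token);
    }
}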
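
The contract below is an added example, not code from the submission or from DSCEngine: a stand-alone allowlist that can be compiled on its own to observe what deleting the price feed entry does to a function gated by isAllowedToken. The contract name AllowlistDemo, the hand-rolled owner check, the modifier body (a zero price feed address means "not allowed"), the constructor, depositCollateral and isAllowed are all assumptions made for this sketch.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration, not the audited DSCEngine. The modifier body, the
// constructor and depositCollateral are assumptions made for this sketch.
contract AllowlistDemo {
    event TokenRemoved(address indexed token);

    address public immutable owner;
    // token => price feed; address(0) means "not on the allowed list" (assumed)
    mapping(address => address) private s_priceFeeds;
    mapping(address => mapping(address => uint256)) public s_deposited;

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    modifier isAllowedToken(address token) {
        require(s_priceFeeds[token] != address(0), "token not allowed");
        _;
    }

    constructor(address[] memory tokens, address[] memory feeds) {
        require(tokens.length == feeds.length, "length mismatch");
        owner = msg.sender;
        for (uint256 i = 0; i < tokens.length; i++) {
            require(feeds[i] != address(0), "zero feed");
            s_priceFeeds[tokens[i]] = feeds[i];
        }
    }

    // Same shape as the recommendation above. The modifier makes a repeated
    // removal, or removal of an unknown token, revert before any event fires.
    function removeToken(address token) external onlyOwner isAllowedToken(token) {
        delete s_priceFeeds[token];
        emit TokenRemoved(token);
    }

    // Bookkeeping only, no token transfer: stands in for any entry point
    // gated by isAllowedToken. Reverts with "token not allowed" after removal.
    function depositCollateral(address token, uint256 amount) external isAllowedToken(token) {
        s_deposited[msg.sender][token] += amount;
    }

    function isAllowed(address token) external view returns (bool) {
        return s_priceFeeds[token] != address(0);
    }
}
```

Deploying with one token and feed pair, calling depositCollateral, then removeToken, then depositCollateral again shows the second deposit reverting while the balance recorded in s_deposited stays in storage.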
