Submission Details
Severity:
modifier isAllowedToken could be used in more places to prevent underflow revert and provide gas optimization
Summary
If we pass wrong token address on those functions they will revert in the operation of s_collateralDeposited[from][tokenCollateralAddress] -= amountCollateral; which will underflow the balance of the token address(0), which is a bad place to capture this error. The catch in the modifier will also save gas for the msg.sender.
Vulnerability Details
Also there is a possibility for unpredictable behavior when we hit
function getUsdValue(address token, uint256 amount) public view returns (uint256) {
AggregatorV3Interface priceFeed = AggregatorV3Interface(s_priceFeeds[token]);
(, int256 price,,,) = priceFeed.staleCheckLatestRoundData();
Impact
Bad traceability on the actual error.
Tools Used
Manual Review
Recommendations
Use isAllowedToken(address) on "liquidate" and "redeemCollateral" functions:
function liquidate(address collateral, address user, uint256 debtToCover)
external
moreThanZero(debtToCover)
nonReentrant
isAllowedToken(collateral){
...}
function redeemCollateral(address tokenCollateralAddress, uint256 amountCollateral)
public
moreThanZero(amountCollateral)
nonReentrant
isAllowedToken(tokenCollateralAddress)
{
...
}
Prize pool breakdown
Total prize
15,000 USDC
nSLOC
23664 USDC / LOC
14,000 USDC
1,000 USDC
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.