No tokenCollateralAddress check
There is a isAllowedToken
modifier used 'depositCollateral()' but not used in redeemCollateralForDsc()
, redeemCollateral()
and _redeemCollateral()
.
If a user calls these functions with a wrong token address it will fail.
Manual review
Add the isAllowedToken modifier to the functions with tokenCollateralAddress user input.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.