The deployer may be negligent and the total value of the collateral acquired by the user may be significantly off
Summary
The deployer may unintentionally pass duplicate collateral token addresses in tokenAddresses and price feed addresses in priceFeedAddresses. This could potentially result in a significant deviation in the total collateral value for users.
Vulnerability Details
There is no uniqueness check for duplicate
tokenAddressesandpriceFeedAddressesin the constructor.Therefore, the deployer may have passed the same stablecoin address in
tokenAddressesalong with the corresponding price feed address inpriceFeedAddressesduring deployment.This situation will cause a significant deviation when users call
getAccountCollateralValue()to retrieve their total collateral value, as the duplicated collateral token addresses are included in the calculation.
As shown in the figure: 
Tools Used
Manual Review
impact
The significant deviation in the total collateral value will directly impact the calculation of the health factor, which in turn affects the number of coins that users can mint.
Recommendations
In the constructor, it is important to perform a uniqueness check for
tokenAddressesandpriceFeedAddresses. This will ensure that duplicate collateral token addresses and price feed addresses cannot be used.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.