15,000 USDC
View results
Submission Details
Severity: low

not validating the passed collateral token in `redeemCollateral` and `liquidate` functions

Details

In the redeemCollateral and liquidate you are not validating the passed collateral token to see if it's allowed or not.

if invalid token is passed both functions will revert but the error message is not user freindly, here is the reason why function revert:

  1. user pass token in redeemCollateral which is not allowed as collateral, the tx will revert because of underflow in line 285

  2. user pass token in liquidate which is not allowed as collateral, the tx will revert beacuse of calling a function on address zero in line 345

Recommendations

you can use isAllowedToken in both functions so if the tx reverted, user knows the reason and it is good user experience

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.