If there are to many tokens allowed as collateral the function getAccountCollateralValue
can ran out of gas and thereby prevent liquidations of accounts that should be liquidatable
In the function getAccountCollateralValue
there is a for loop that loops over the array s_collateralTokens
and checks how much the deposited amount of the user is worth. If this array is to long, this can lead to OOG issues that would revert the function and DOS any function that uses getAccountCollateralValue
. These would be the function _getAccountInformation
and thereby any main function that uses _healthFactor
. This would mean, that the liquidation, burning DSC
and redeeming collateral would not work.
Users can not be liquidated and they cannot withdraw their collateral
Manual review
Limit the number of tokens that can be used as collateral
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.