Submission Details
Severity: medium
Valid

Lack of duplication check in constructor

Summary

The constructor does not check whether the deployer has set the same collateral address, along with its corresponding price feed, twice.

Vulnerability Details

The constructor checks that the length of the collateral array matches the length of the corresponding price feed array, but it does not check whether a collateral address and its price feed are repeated.

If the same collateral is entered twice, users' collateral value will be counted twice in the health check calculation.

Impact

Many users will pass the account health check despite being underwater. Also, a user will be able to mint twice the amount they are supposed to.

Tools Used

Manual review

Recommendations

Implement a check in the constructor that no collateral address is repeated in the input array.
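
One way to implement this check, as an added example that is not the audited project's code: the contract, error and variable names below are hypothetical, and the sketch assumes the contract keeps a token-to-feed mapping plus a token list that the health check iterates.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added illustration; every name here is hypothetical, not taken from the audited code.
contract CollateralRegistry {
    error LengthMismatch();
    error ZeroAddress();
    error DuplicateCollateral(address token);

    // token => price feed; a non-zero entry means the token is already registered
    mapping(address => address) private s_priceFeeds;
    // list iterated when summing an account's collateral value
    address[] private s_collateralTokens;

    constructor(address[] memory tokens, address[] memory priceFeeds) {
        // Existing style of check: both arrays must have the same length.
        if (tokens.length != priceFeeds.length) revert LengthMismatch();

        for (uint256 i = 0; i < tokens.length; i++) {
            address token = tokens[i];
            address feed = priceFeeds[i];

            // A zero feed would make a registered token look unregistered
            // to the duplicate check below, so reject it up front.
            if (token == address(0) || feed == address(0)) revert ZeroAddress();

            // Missing check: without it a repeated token is pushed twice and
            // any loop over s_collateralTokens counts the same deposit twice.
            if (s_priceFeeds[token] != address(0)) revert DuplicateCollateral(token);

            s_priceFeeds[token] = feed;
            s_collateralTokens.push(token);
        }
    }

    // Lets a deployment script or test confirm each token appears exactly once.
    function collateralTokens() external view returns (address[] memory) {
        return s_collateralTokens;
    }
}
```

Reverting in the constructor makes a misconfigured deployment fail outright instead of producing a live contract that double-counts collateral.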
