The Standard

DeFi, Hardhat
20,000 USDC
Submission Details
Severity: low
Valid

Vault could be undercollateralised when an asset has been deleted from the token list

Summary

If the project owner deletes a token from the token list, some vaults could become undercollateralised.

Vulnerability Details

The function SmartVaultV3.euroCollateral gets the token list from the tokenManager contract.
This list could be changed: the admin could add tokens to it or remove tokens from it.
For example, a user has a vault with the collateral tokens usdt(100) and wbtc(100), and has minted some EUROs tokens.
The project admin deletes wbtc from the token list.
From this moment, the user's vault could be liquidated by any user, because the function undercollateralised will return true.
undercollateralised() -> "minted > maxMintable()" -> maxMintable() -> euroCollateral(), and that function receives an incomplete list of tokens.

Impact

Vaults with sufficient collateral will be liquidated.
Also, the function SmartVaultV3.status() will return wrong data, because it uses the function euroCollateral().

Tools Used

Manual review

Recommendations

Store the list of tokens in the constructor.
If new tokens appear in the data returned by getTokenManager().getAcceptedTokens(), store the new tokens as well, but do not delete old tokens from the stored list.
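The following Python model is an added example, not code from the report or from The Standard's contracts. It replays the usdt/wbtc scenario from Vulnerability Details and compares the live-list lookup with the append-only stored list recommended above. The prices, collateral rate, minted amount and all class and method names are constructed assumptions.

```python
HUNDRED_PC = 100_000       # constructed: percentage basis
COLLATERAL_RATE = 120_000  # constructed: 120% collateral required

class TokenManager:
    """Admin-controlled list; stands in for getAcceptedTokens()."""
    def __init__(self, symbols):
        self.accepted = list(symbols)
    def remove(self, symbol):
        self.accepted.remove(symbol)
    def get_accepted_tokens(self):
        return list(self.accepted)

class Vault:
    def __init__(self, manager, prices_eur, pinned=False):
        self.manager, self.prices, self.pinned = manager, prices_eur, pinned
        self.balances, self.minted = {}, 0
        # Recommendation: snapshot the accepted tokens at construction time.
        self.known = manager.get_accepted_tokens() if pinned else []

    def _tokens(self):
        live = self.manager.get_accepted_tokens()
        if not self.pinned:
            return live  # behaviour described in the report
        # Append tokens that are new; never drop ones already stored.
        # (On-chain this merge would need a state-changing call, not a view.)
        self.known += [t for t in live if t not in self.known]
        return self.known

    def euro_collateral(self):
        return sum(self.balances.get(t, 0) * self.prices[t] for t in self._tokens())

    def max_mintable(self):
        return self.euro_collateral() * HUNDRED_PC // COLLATERAL_RATE

    def undercollateralised(self):
        return self.minted > self.max_mintable()

def scenario(pinned):
    """Return undercollateralised() before and after the admin removes wbtc."""
    manager = TokenManager(["usdt", "wbtc"])
    vault = Vault(manager, {"usdt": 1, "wbtc": 30_000}, pinned)  # constructed prices
    vault.balances = {"usdt": 100, "wbtc": 100}
    vault.minted = 1_000_000  # constructed: well below the initial mint limit
    before = vault.undercollateralised()
    manager.remove("wbtc")    # admin action; vault balances are unchanged
    return before, vault.undercollateralised()
```

With the live list the vault flips to undercollateralised although its balances never changed; with the stored list the wbtc balance still counts toward collateral.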

Updates

Lead Judging Commences

hrishibhat Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

remove-token

hrishibhat Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

removetoken-low
