The Standard

DeFi, Hardhat
20,000 USDC
Submission Details
Severity: low
Invalid

Accepted tokens for collateral will all need to have different symbols, or the system accounting will break

Summary & Vulnerability Details

SmartVaultV3 and LiquidationPool use the ERC20 token symbol to differentiate between tokens. There is no obligation for ERC20 tokens on a blockchain to have distinct symbols.

Impact

When a token is looked up by symbol on the TokenManager dependency, the lookup returns the last accepted token found with that symbol.

    function getToken(bytes32 _symbol) external view returns (Token memory token) {
        for (uint256 i = 0; i < acceptedTokens.length; i++) if (acceptedTokens[i].symbol == _symbol) token = acceptedTokens[i];
        require(token.symbol == _symbol, "err-invalid-token");
    }

Users who mean to remove or swap one type of collateral will end up removing another type with the same symbol. Also, in the liquidation pool, rewards for a token will be duplicated for another token with the same symbol.

Recommendations

The system could differentiate between tokens by using their on-chain address. Alternatively, no code change is needed, but the owners of the protocol must vet the tokens that will be accepted as collateral to make sure they have distinct symbols.
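
The last-match lookup and the vetting step recommended above, modelled in JavaScript as an added example (not The Standard's code): `getToken` mirrors the quoted loop, and `findShadowedTokens` is a hypothetical helper that lists the entries the lookup can never return. The `addr` field name and all addresses are assumptions constructed for the illustration.

```javascript
// Added example: JavaScript model of the quoted TokenManager.getToken loop
// plus a pre-listing vetting check. Addresses are constructed placeholders.

// Right-pad an ASCII symbol to 32 bytes, as a bytes32 value holds it.
function toBytes32(symbol) {
  const raw = Buffer.from(symbol, "ascii");
  if (raw.length > 32) throw new Error("symbol longer than 32 bytes");
  return "0x" + Buffer.concat([raw, Buffer.alloc(32 - raw.length)]).toString("hex");
}

// Same control flow as getToken: the loop never breaks, so the last match wins.
function getToken(acceptedTokens, symbol) {
  const key = toBytes32(symbol);
  let token = { symbol: "", addr: "0x" + "00".repeat(20) }; // zero-initialised return value
  for (const t of acceptedTokens) {
    if (toBytes32(t.symbol) === key) token = t;
  }
  if (toBytes32(token.symbol) !== key) throw new Error("err-invalid-token");
  return token;
}

// Vetting check: group accepted tokens by bytes32 symbol and report every
// entry that getToken cannot return because a later entry shadows it.
function findShadowedTokens(acceptedTokens) {
  const bySymbol = new Map();
  for (const t of acceptedTokens) {
    const key = toBytes32(t.symbol);
    if (!bySymbol.has(key)) bySymbol.set(key, []);
    bySymbol.get(key).push(t);
  }
  const report = [];
  for (const group of bySymbol.values()) {
    if (group.length < 2) continue;
    const winner = group[group.length - 1];
    for (const t of group.slice(0, -1)) {
      report.push({ symbol: t.symbol, shadowed: t.addr, resolvesTo: winner.addr });
    }
  }
  return report;
}

// Constructed sample list: two different contracts both reporting "USDC".
const SAMPLE_TOKENS = [
  { symbol: "WBTC", addr: "0x" + "11".repeat(20) },
  { symbol: "USDC", addr: "0x" + "22".repeat(20) },
  { symbol: "USDC", addr: "0x" + "33".repeat(20) },
];
```

An empty report from `findShadowedTokens` means every accepted symbol resolves to exactly one address, which is the condition the recommendation asks the owners to maintain.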

Updates

Lead Judging Commences

hrishibhat Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

informational/invalid
