The issue lies in using the _collateralTokenToWToken
mapping, which maps collateralToken
to its corresponding wToken
. Instead, the collateralToken
address should be directly utilized in the operation.
The code snippet provided contains flawed logic for determining the collateralToken
address. Specifically, the contract uses the address of the wToken
rather than the intended collateralToken
for the given pool. This discrepancy can lead to failures in collateral handling and improper functionality of the protocol.
Failure in collateral calculations: The wrong token being used in calculations or contract logic.
Loss of funds or mismanagement: If the protocol processes funds with the incorrect token address, it could cause improper liquidity handling or user losses.
Replace the problematic mapping logic with the appropriate collateralToken
address usage. Specifically, update the code to ensure it refers to the correct collateral token address as follows:
// Use the correct collateralToken address
collateralToken: _poolParams.collateralToken,
// Optional Improvement: Maintain a direct mapping for collateralToken-to-wToken only where needed _wTokenToCollateralToken[_wToken] = _poolParams.collateralToken;
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.