Summary

Collateral.Data information is saved in two locations. Protocol access this information from both places but admin can update only one of them resulting in a DoS for admin rights.

Vulnerability Details

Collateral data is handled by Collateral library and saved at COLLATERAL_LOCATION storage location. It is configured by MarketMakingEngineConfigurationBranch ::configureCollateral function and can be called multiple times by admin.

Same data structure is stored is Vault leaf and is part of the bigger vault's data struct stored at VAULT_LOCATION storage location.
It is initialized when the vault is created. If the vault exist this function can't be called again. The vault's self.collateral data can't be updated.

Two critical information are accessed from colllateral.Data stored in vault:

• isEnable status in VaultRouterBranch::initiateWithdrawal and deposit

• priceAdapter in VaultRouterBranch::getVaultCreditCapacity and StabilityBranch::initiateSwap

In case admin wants to update priceAdapter (eg. in case of a vulnerability in existing adaptor) or to disable the collateral, he can't.
The protocol can reach a situation where an asset is disabled in market-making-engine (via configureCollateral) while is still active in a Vault.
Same for priceAdapter, it can have an adapter in a specific vault and a different adapter to be configured in engine for same asset.
In case of a vulnerable adaptor the vault must be shut down and re-created.

Impact

Key vault parameters are inaccessible for admin to update, resulting the relaunch the vault and the associated hassle.

Tools Used

Recommendations

There are two options. Either remove Collateral.data from Vault structure and update the code where required to interogate collateral data only from COLLATERAL_LOCATION.
Or, at least, add a new function (or update existing Vault::update) to allow admin to update these two parameters.