Description: In the repay_stable_coin function of the central_control contract, there is no validation that info.sender is pool_contract. As a consequence, anyone could call this function to repay loans without spending coins.
Code Location:
krp-cdp-contracts/contracts/central_control/src/contract.rs#L612
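
The missing sender check beside a hardened form, as an added example in plain Rust; it is not the project's contract code. Everything except the names info.sender and pool_contract is a hypothetical stand-in for the CosmWasm types, and the loan bookkeeping and sample addresses are assumed.

```rust
use std::collections::HashMap;

// Simplified stand-ins for the CosmWasm types (hypothetical, not the project's code).
pub struct MessageInfo { pub sender: String }
pub struct State { pub pool_contract: String, pub loans: HashMap<String, u128> }

#[derive(Debug, PartialEq)]
pub enum ContractError { Unauthorized, NoLoan, Overpay }

// Shared bookkeeping (assumed): reduce the borrower's recorded debt.
fn apply_repayment(state: &mut State, borrower: &str, amount: u128) -> Result<u128, ContractError> {
    let loan = state.loans.get_mut(borrower).ok_or(ContractError::NoLoan)?;
    *loan = loan.checked_sub(amount).ok_or(ContractError::Overpay)?;
    Ok(*loan)
}

// Pattern described in the finding: info.sender is never inspected.
pub fn repay_unchecked(state: &mut State, _info: &MessageInfo, borrower: &str, amount: u128)
    -> Result<u128, ContractError> {
    apply_repayment(state, borrower, amount)
}

// Hardened form: reject every caller except the configured pool contract.
pub fn repay_checked(state: &mut State, info: &MessageInfo, borrower: &str, amount: u128)
    -> Result<u128, ContractError> {
    if info.sender != state.pool_contract {
        return Err(ContractError::Unauthorized);
    }
    apply_repayment(state, borrower, amount)
}

// Constructed sample state: one borrower owing 100 units.
pub fn sample_state() -> State {
    let mut loans = HashMap::new();
    loans.insert("borrower1".to_string(), 100u128);
    State { pool_contract: "pool_contract_addr".to_string(), loans }
}

fn main() {
    let outsider = MessageInfo { sender: "outsider".to_string() };
    let pool = MessageInfo { sender: "pool_contract_addr".to_string() };
    let mut s = sample_state();
    println!("unchecked, outsider: {:?}", repay_unchecked(&mut s, &outsider, "borrower1", 100));
    let mut s = sample_state();
    println!("checked, outsider:   {:?}", repay_checked(&mut s, &outsider, "borrower1", 100));
    println!("checked, pool:       {:?}", repay_checked(&mut s, &pool, "borrower1", 40));
}
```

A regression test for the fix should assert both that a non-pool sender is rejected and that the stored loan amount is unchanged after the rejected call.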