Closed detectivekim closed 11 months ago
The privileged setLoanConfiguration() function in the LoanPositionManager can introduce new (collateral,debt) combinations without restrictions. A malicious admin could abuse it to allow borrowing against worthless tokens and drain the AssetPool.
setLoanConfiguration()
LoanPositionManager
AssetPool
Description
The privileged
setLoanConfiguration()function in theLoanPositionManagercan introduce new (collateral,debt) combinations without restrictions. A malicious admin could abuse it to allow borrowing against worthless tokens and drain theAssetPool.