Closed detectivekim closed 11 months ago
The privileged setLoanConfiguration() function in the LoanPositionManager can introduce new (collateral,debt) combinations without restrictions. A malicious admin could abuse it to allow borrowing against worthless tokens and drain the AssetPool.
setLoanConfiguration()
LoanPositionManager
AssetPool
Description
The privileged
setLoanConfiguration()
function in theLoanPositionManager
can introduce new (collateral,debt) combinations without restrictions. A malicious admin could abuse it to allow borrowing against worthless tokens and drain theAssetPool
.