Closed code423n4 closed 3 years ago
It's not very intuitive, however, this is where we check for duplicates https://github.com/code-423n4/2021-04-basedloans/blob/5c8bb51a3fdc334ea0a68fd069be092123212020/code/contracts/UniswapOracle/UniswapAnchoredView.sol#L62
In my opinion, it's not a bug.
I'm tagging this as invalid / not a bug since there is a duplicate check.
Handle
@cmichelio
Vulnerability details
Vulnerability Details
UniswapConfig._addTokensInternal
should check if a token config is already registered for acToken
before overwriting it.(Similar issues exist for the symbol hash and the underlying.)
Impact
A function call could overwrite previous values and leave a corrupt state as the old token config still exists but is never referenced anymore as the
cToken -> index
map has been changed to the new index.Recommended Mitigation Steps
Check if the token config already exists instead of always appending it.