Closed: code423n4 closed this issue 3 years ago
Not a bug, missing info from wiki. Will update in wiki
Agreed this is missing docs in this case - the pool delegate is the only logical entity to trigger defaults here, and this is documented at https://github.com/maple-labs/maple-core/wiki/Loans#Liquidations
Handle
0xRajeev
Vulnerability details
Impact
The capabilities listed in the specification for Pool Delegates (https://github.com/maple-labs/maple-core/wiki/Pools#pool-delegates and https://github.com/maple-labs/maple-core/wiki/PoolDelegate-Admin-Actions) do not include the triggering of defaults as enabled by the triggerDefault() function or the deactivation of pools as enabled by the deactivate() function of Pool.sol.
This appears to be a mismatch between specification and implementation.
Proof of Concept
https://github.com/maple-labs/maple-core/blob/355141befa89c7623150a83b7d56a5f5820819e9/contracts/Pool.sol#L162-L171
https://github.com/maple-labs/maple-core/blob/355141befa89c7623150a83b7d56a5f5820819e9/contracts/Pool.sol#L260-L269
https://github.com/maple-labs/maple-core/wiki/Pools#pool-delegates
https://github.com/maple-labs/maple-core/wiki/PoolDelegate-Admin-Actions
Tools Used
Manual Analysis
Recommended Mitigation Steps
Clarify in the specification about this capability of Pool Delegates.