Open code423n4 opened 2 years ago
pauliax
function _addUSDVPair does not check if the foreignAsset does not exist yet, thus it is possible to override it.
Make sure this is the intended behavior or else add validations, e.g.
require(pairData.updatePeriod == 0, "...");
Handle
pauliax
Vulnerability details
Impact
function _addUSDVPair does not check if the foreignAsset does not exist yet, thus it is possible to override it.
Recommended Mitigation Steps
Make sure this is the intended behavior or else add validations, e.g.